diff --git a/data/0xNirix-Q.md b/data/0xNirix-Q.md new file mode 100644 index 0000000..6698034 --- /dev/null +++ b/data/0xNirix-Q.md @@ -0,0 +1,37 @@ +1. Inefficient Credential Validation: Potential Double-Check of Same Provider in AccessControlHooks Contract + +https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/access/AccessControlHooks.sol#L670-L680 + +```solidity + +// Handle the calldata suffix, if any +if (_handleHooksData(status, accountAddress, hooksData)) { + return (true, true); +} + +uint256 pullProviderIndexToSkip = type(uint256).max; + +// If lender has an expired credential from a pull provider, attempt to refresh it +if (!lastProvider.isNull() && status.canRefresh) { + if (_tryGetCredential(status, lastProvider, accountAddress)) { + return (true, true); + } + // If refresh fails, provider should be skipped in the query loop + pullProviderIndexToSkip = lastProvider.pullProviderIndex(); +} +``` + +If the hooksData has a length of 20 bytes (which represents just a provider address), _handleHooksData will attempt to get a credential from that provider using _tryGetCredential. +If that fails, the code then checks if there's a lastProvider and attempts to refresh the credential using the same _tryGetCredential method. +If the provider in hooksData (with length 20) is the same as lastProvider, this would result in trying to get a credential from the same provider twice. + +This redundancy could lead to unnecessary gas consumption and potentially confusing behavior. + + + +2. In HooksFactory, once a hooks template is disabled, there's no way to re-enable it. +`disableHooksTemplate` function sets enabled to false, but there's no corresponding function to set it back to true. https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/HooksFactory.sol#L201 + + + +3.The HooksFactory contract allows the creation of new markets using hooks instances derived from disabled templates. While the contract prevents the deployment of new hooks instances from disabled templates, it fails to check the enabled status of a template when deploying a market with an existing hooks instance. This oversight potentially allows the continued use of hooks logic that has been identified as problematic or insecure, bypassing the intended security measure of disabling templates. https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/HooksFactory.sol#L502 \ No newline at end of file