Stable Pool: ongoing reentrancy protection #2331
Open
+70
−5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This was the patch change: #2206 |
jubeira
reviewed
Mar 8, 2023
There was a problem hiding this comment.
First pass done.
Besides the inline comment,
- don't we also need to protect
updateTokenRateCacheinComposableStablePoolRates? - what about
disableRecoveryMode? It already has access to the vault, but I don't see the protection applied in this branch either. EDIT: it's added in Weighted Pool: ongoing reentrancy protection #2330
| @@ -141,6 +142,8 @@ abstract contract ComposableStablePoolRates is IComposableStablePoolRates, Compo | |||
|
|
|||
| /// @inheritdoc IComposableStablePoolRates | |||
| function setTokenRateCacheDuration(IERC20 token, uint256 duration) external override authenticate { | |||
| VaultReentrancyLib.ensureNotInVaultContext(_getVault()); | |||
There was a problem hiding this comment.
Why not define a modifier and use it here, like we did for the patch?
Yes; didn't want to potentially conflict. |
jubeira
reviewed
Mar 9, 2023
There was a problem hiding this comment.
Patch looks good; all the functions that should be protected and documented are covered with this.
I've just left one super minor comment regarding a comment.
About the tests: we could include them in the fork tests as we did with the patches instead of doing unit tests. I don't have a strong opinion regarding what's the best way forward. WDYT @nventuro ?
pkg/interfaces/contracts/pool-stable/IComposableStablePoolRates.sol
Outdated
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
ComposableStablePool (version 3) was patched for reentrancy; this applies the same (generalized) protections so that any future deployments are safe.
Type of change
Checklist:
master, or there's a description of how to mergeIssue Resolution