534382f785
The previous guard blocked setFeeDestination when feeDestination.code.length > 0 but did not persist feeDestinationLocked — a revert undoes all state changes. An attacker could CREATE2-deploy bytecode to the EOA fee destination, triggering the block, then SELFDESTRUCT to clear the code, then call setFeeDestination again successfully (lock was never committed). Fix: detect bytecode at the current feeDestination first; if found, set feeDestinationLocked = true and RETURN (not revert) so the storage write is committed. A subsequent SELFDESTRUCT cannot undo a committed storage slot. Updated NatSpec documents both the protection and the remaining limitation (atomic CREATE2+SELFDESTRUCT in a single tx cannot be detected). Added testSetFeeDestination_CREATE2BytecodeDetection_Locks covering: set EOA → vm.etch (simulate CREATE2 deploy) → verify lock committed → vm.etch empty (simulate selfdestruct) → verify setter still blocked. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| abstracts | ||
| helpers | ||
| interfaces | ||
| libraries | ||
| IOptimizer.sol | ||
| Kraiken.sol | ||
| LiquidityManager.sol | ||
| Optimizer.sol | ||
| OptimizerV3.sol | ||
| OptimizerV3Push3.sol | ||
| Stake.sol | ||
| VWAPTracker.sol | ||