From 35bd6f5b4e3a20f4c083b89d48bc876b07676ef5 Mon Sep 17 00:00:00 2001
From: OoXooOx
Date: Mon, 1 Jan 2024 18:29:47 +0200
Subject: [PATCH] Comment about verify caller in callback functions

---
 src/UniswapV3Manager.sol | 4 +++-
 src/UniswapV3NFTManager.sol | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/UniswapV3Manager.sol b/src/UniswapV3Manager.sol
index 8c8b47d..cbdf616 100644
--- a/src/UniswapV3Manager.sol
+++ b/src/UniswapV3Manager.sol
@@ -185,7 +185,9 @@ contract UniswapV3Manager is IUniswapV3Manager {
 PoolAddress.computeAddress(factory, token0, token1, fee)
 );
 }
-
+//You should understand that callback functions can invoke anybody and take all approved to manager SC assets.
+//We do not verify caller here, but in production it must be. For example in UniswapV3Router we can see:
+//CallbackValidation.verifyCallback(factory, tokenIn, tokenOut, fee);
 function uniswapV3MintCallback(
 uint256 amount0,
 uint256 amount1,
diff --git a/src/UniswapV3NFTManager.sol b/src/UniswapV3NFTManager.sol
index a0a2f14..7db0d1d 100644
--- a/src/UniswapV3NFTManager.sol
+++ b/src/UniswapV3NFTManager.sol
@@ -242,6 +242,9 @@ contract UniswapV3NFTManager is ERC721 {
 // CALLBACKS //
 ////////////////////////////////////////////////////////////////////////////
+//You should understand that callback functions can invoke anybody and take all approved to manager SC assets.
+//We do not verify caller here, but in production it must be. For example in UniswapV3Router we can see:
+//CallbackValidation.verifyCallback(factory, tokenIn, tokenOut, fee);
 function uniswapV3MintCallback(
 uint256 amount0,
 uint256 amount1,
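Review bot: The comment added above `uniswapV3MintCallback` in UniswapV3Manager.sol (and the identical one in the UniswapV3NFTManager.sol hunk) documents the missing caller check instead of adding it, and its first sentence has the direction reversed — it is anyone who can invoke the callback, not the callback that invokes anyone. Since the same hunk already shows `PoolAddress.computeAddress(factory, token0, token1, fee)` in use a few lines earlier, the check is a one-liner at the top of the callback, `require(msg.sender == PoolAddress.computeAddress(factory, token0, token1, fee));`, provided the pool key can be recovered from the callback's `data` argument, which lies outside the hunk. If leaving the check out is intentional for the tutorial, I would at least reword the comment as NatSpec so it attaches to the function: `/// @dev Anyone can call this callback; without a caller check, an arbitrary caller can make this contract spend tokens users have approved to it. Production code must verify msg.sender is the pool, e.g. CallbackValidation.verifyCallback(factory, tokenIn, tokenOut, fee) in UniswapV3Router.` The body of uniswapV3MintCallback continues outside the hunk.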