Skip to content

feat: Reentrancy locks in Spoke #1073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
avniculae wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

feat: Reentrancy locks in Spoke #1073

avniculae wants to merge 1 commit into from
+484 −87

Conversation

@avniculae
Copy link
Contributor

@avniculae avniculae commented Dec 18, 2025
edited
Loading

  • Reentrancy attacks should not be a concern for the Spoke since Hub, IR Strategy and Price Feeds are trusted, and V4 does not support ERC20s with callbacks.
  • That said, adding (transient) reentrancy locks is a low-cost, effective protection.

@avniculae avniculae force-pushed the feat/reentrancy-locks branch from 0dcc11b to d4f9ba8 Compare December 18, 2025 17:31
yan-man
yan-man reviewed Dec 18, 2025
View reviewed changes
tests/Base.t.sol
import {MockERC1271Wallet} from 'tests/mocks/MockERC1271Wallet.sol';
import {MockSpokeInstance} from 'tests/mocks/MockSpokeInstance.sol';
import {MockSkimSpoke} from 'tests/mocks/MockSkimSpoke.sol';
import {MockReentrantHub} from 'tests/mocks/MockReentrantHub.sol';
Copy link
Contributor

@yan-man yan-man Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

more contracts into base :'(

@avniculae avniculae changed the title feat: Reentrancy locks feat: Reentrancy locks in Spoke Dec 19, 2025
@avniculae avniculae marked this pull request as ready for review December 19, 2025 11:11
@avniculae avniculae force-pushed the feat/reentrancy-locks branch from d4f9ba8 to 875b77c Compare December 19, 2025 11:18
yan-man
yan-man reviewed Dec 20, 2025
View reviewed changes
tests/unit/Spoke/Liquidations/Spoke.LiquidationCall.Scenarios.t.sol
uint256 collateralReserveId = _daiReserveId(spoke);
uint256 debtReserveId = _wethReserveId(spoke);

// _updateTargetHealthFactor(spoke, 1.001e18);
Copy link
Contributor

@yan-man yan-man Dec 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rm?

miguelmtzinf
miguelmtzinf reviewed Jan 2, 2026
View reviewed changes
tests/unit/Spoke/Spoke.Supply.t.sol
);
vm.expectRevert(ReentrancyGuardTransient.ReentrancyGuardReentrantCall.selector);
vm.prank(bob);
spoke1.supply(_daiReserveId(spoke1), amount, bob);
Copy link
Member

@miguelmtzinf miguelmtzinf Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's use onBehalf so we make sure reentrancy lock is checked first.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yan-man yan-man yan-man left review comments

@miguelmtzinf miguelmtzinf miguelmtzinf left review comments

@Kogaroshi Kogaroshi Awaiting requested review from Kogaroshi

@DhairyaSethi DhairyaSethi Awaiting requested review from DhairyaSethi

@CheyenneAtapour CheyenneAtapour Awaiting requested review from CheyenneAtapour

Assignees

No one assigned

Labels

priority

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@avniculae @yan-man @miguelmtzinf