From 2beee40826920605c2573eb28fed3e7754cfd092 Mon Sep 17 00:00:00 2001
From: Rubilmax
Date: Tue, 24 Oct 2023 11:34:23 +0200
Subject: [PATCH] fix(erc4626): enforce owner is bundler
---
 src/ERC4626Bundler.sol | 14 ++++----------
 test/forge/ERC4626BundlerLocalTest.sol | 2 ++
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/ERC4626Bundler.sol b/src/ERC4626Bundler.sol
index 22219e9d..046aa494 100644
--- a/src/ERC4626Bundler.sol
+++ b/src/ERC4626Bundler.sol
@@ -60,36 +60,30 @@ abstract contract ERC4626Bundler is BaseBundler {
 /// @notice Withdraws the given amount of `assets` from the given ERC4626 `vault`, transferring assets to
 /// `receiver`.
- /// @notice Warning: should only be called via the bundler's `multicall` function.
 /// @dev Pass `type(uint256).max` as `assets` to withdraw max.
 /// @dev Assumes the given `vault` implements EIP-4626.
 function erc4626Withdraw(address vault, uint256 assets, address receiver) external payable {
 require(receiver != address(0), ErrorsLib.ZERO_ADDRESS);
 /// Do not check `receiver != address(this)` to allow the bundler to receive the underlying asset.
- address initiator = initiator();
-
- assets = Math.min(assets, IERC4626(vault).maxWithdraw(initiator));
+ assets = Math.min(assets, IERC4626(vault).maxWithdraw(address(this)));
 require(assets != 0, ErrorsLib.ZERO_AMOUNT);
- IERC4626(vault).withdraw(assets, receiver, initiator);
+ IERC4626(vault).withdraw(assets, receiver, address(this));
 }
 /// @notice Redeems the given amount of `shares` from the given ERC4626 `vault`, transferring assets to `receiver`.
- /// @notice Warning: should only be called via the bundler's `multicall` function.
 /// @dev Pass `type(uint256).max` as `shares` to redeem max.
 /// @dev Assumes the given `vault` implements EIP-4626.
 function erc4626Redeem(address vault, uint256 shares, address receiver) external payable {
 require(receiver != address(0), ErrorsLib.ZERO_ADDRESS);
 /// Do not check `receiver != address(this)` to allow the bundler to receive the underlying asset.
- address initiator = initiator();
-
- shares = Math.min(shares, IERC4626(vault).maxRedeem(initiator));
+ shares = Math.min(shares, IERC4626(vault).maxRedeem(address(this)));
 require(shares != 0, ErrorsLib.ZERO_SHARES);
- IERC4626(vault).redeem(shares, receiver, initiator);
+ IERC4626(vault).redeem(shares, receiver, address(this));
 }
 }
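Review bot: The NatSpec on `erc4626Withdraw` and `erc4626Redeem` no longer says whose shares are spent, although both now pass `address(this)` as the owner. Neither signature in this hunk carries an access modifier, so as far as these lines show, any vault shares sitting on the bundler can be withdrawn or redeemed by any caller to a `receiver` of their choosing; that is presumably acceptable only if the bundler never holds shares between transactions. I would state the precondition and the residual risk on both functions, e.g. `/// @dev Spends the bundler's own shares: the initiator must transfer them to the bundler earlier in the same bundle.` and `/// @notice Warning: shares left on the bundler after a bundle can be spent by any caller.` Whether `BaseBundler` restricts entry elsewhere is not visible from this hunk.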
diff --git a/test/forge/ERC4626BundlerLocalTest.sol b/test/forge/ERC4626BundlerLocalTest.sol
index 2b05fc5e..5169c160 100644
--- a/test/forge/ERC4626BundlerLocalTest.sol
+++ b/test/forge/ERC4626BundlerLocalTest.sol
@@ -154,6 +154,7 @@ contract ERC4626BundlerLocalTest is LocalTest {
 uint256 redeemed = vault.previewWithdraw(assets);
+ bundle.push(_erc20TransferFrom(address(vault), redeemed));
 bundle.push(_erc4626Withdraw(address(vault), assets, RECEIVER));
 vm.startPrank(USER);
@@ -177,6 +178,7 @@ contract ERC4626BundlerLocalTest is LocalTest {
 uint256 withdrawn = vault.previewRedeem(shares);
+ bundle.push(_erc20TransferFrom(address(vault), shares));
 bundle.push(_erc4626Redeem(address(vault), shares, RECEIVER));
 vm.startPrank(USER);
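Review bot: Both updated tests (the hunk at `@@ -154,6 +154,7 @@` and the one at `@@ -177,6 +178,7 @@`) only cover the path where shares are first moved to the bundler with `_erc20TransferFrom`; nothing pins what happens when that step is missing. A negative test per function would help: build a bundle containing only `_erc4626Withdraw` (resp. `_erc4626Redeem`) while the user still holds the shares, expect a revert (presumably `ErrorsLib.ZERO_AMOUNT` / `ErrorsLib.ZERO_SHARES`, assuming the mock vault reports zero for an owner with no shares), and assert the user's share balance is unchanged. That would guard what appears to be the point of the commit, namely that the bundler spends only shares it holds itself. The test functions start and end outside both hunks, so coverage that may already exist elsewhere in the file is not visible here.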