diff --git a/lib/katana-v3-contracts b/lib/katana-v3-contracts
index 0f0bb47..03c8017 160000
--- a/lib/katana-v3-contracts
+++ b/lib/katana-v3-contracts
@@ -1 +1 @@
-Subproject commit 0f0bb47176ad1d535e88282bd00f17139862f576
+Subproject commit 03c80179e04f40d96f06c451ea494bb18f2a58fc
diff --git a/logs/contract-code-sizes.log b/logs/contract-code-sizes.log
index 99200ba..184c29b 100644
--- a/logs/contract-code-sizes.log
+++ b/logs/contract-code-sizes.log
@@ -1,7 +1,7 @@ | Contract | Size (B) | Margin (B) | |-----------------------------|----------|------------| | Address | 58 | 24,518 | -| AggregateRouter | 14,082 | 10,494 | +| AggregateRouter | 13,554 | 11,022 | | BytesLib | 58 | 24,518 | | Commands | 58 | 24,518 | | Constants | 58 | 24,518 |
diff --git a/script/UpgradeKatanaGovernance.s.sol b/script/UpgradeKatanaGovernance.s.sol
index 0803e2d..3e3a996 100644
--- a/script/UpgradeKatanaGovernance.s.sol
+++ b/script/UpgradeKatanaGovernance.s.sol
@@ -46,5 +46,9 @@ abstract contract UpgradeKatanaGovernance is DeployAggregateRouter {
 function logParams() internal view override {
 console.log("nonfungiblePositionManager:", nonfungiblePositionManager);
+ console.log("v3Migrator:", v3Migrator);
+ console.log("legacyPermissionedRouter:", legacyPermissionedRouter);
+ console.log("katanaGovernanceProxy:", katanaGovernanceProxy);
+ console.log("proxyAdmin:", proxyAdmin);
 }
 }
diff --git a/script/ronin-testnet/DeployKatanaOperationTestnet.s.sol b/script/ronin-testnet/DeployKatanaOperationTestnet.s.sol
index e7cd4ad..3c47622 100644
--- a/script/ronin-testnet/DeployKatanaOperationTestnet.s.sol
+++ b/script/ronin-testnet/DeployKatanaOperationTestnet.s.sol
@@ -7,19 +7,19 @@ import { UpgradeKatanaGovernance } from "../UpgradeKatanaGovernance.s.sol";
 contract DeployKatanaOperationTestnet is UpgradeKatanaGovernance {
 function setUp() public override {
 params = RouterParameters({
- permit2: 0x1Bd5aA9818D94DcABfE02794553e76f7Cceea0cd,
+ permit2: 0xCcf4a457E775f317e0Cf306EFDda14Cc8084F82C,
 weth9: 0xA959726154953bAe111746E265E6d754F48570E6,
 governance: 0x247F12836A421CDC5e22B93Bf5A9AAa0f521f986,
 v2Factory: 0x86587380C4c815Ba0066c90aDB2B45CC9C15E72c,
- v3Factory: 0xa6d02D530e870A9753a2E2EbEb03Ff05b501587d,
+ v3Factory: 0x4E7236ff45d69395DDEFE1445040A8f3C7CD8819,
 pairInitCodeHash: 0x1cc97ead4d6949b7a6ecb28652b21159b9fd5608ae51a1960224099caab07dca,
 poolInitCodeHash: 0xb381dabeb6037396a764deb39e57a4a3f75b641ce3e9944b1e4b18d036e322e1
 });
 proxyAdmin = 0x505d91E8fd2091794b45b27f86C045529fa92CD7;
- nonfungiblePositionManager = 0xe14cd235Ce8dCA3dD04db01E788671f25675c25A;
- v3Migrator = 0xAb520070A546E81E155Ce3c927366bbB3e889648;
+ nonfungiblePositionManager = 0x7C2716803c09cd5eeD78Ba40117084af3c803565;
+ v3Migrator = 0x8cF4743642acF849eff54873e24d46D0f3437593;
 legacyPermissionedRouter = 0x3BD36748D17e322cFB63417B059Bcc1059012D83;
 katanaGovernanceProxy = 0x247F12836A421CDC5e22B93Bf5A9AAa0f521f986;
diff --git a/src/aggregate-router/base/Dispatcher.sol b/src/aggregate-router/base/Dispatcher.sol
index acd719b..4dd2749 100644
--- a/src/aggregate-router/base/Dispatcher.sol
+++ b/src/aggregate-router/base/Dispatcher.sol
@@ -48,6 +48,7 @@ abstract contract Dispatcher is Payments, V2SwapRouter, V3SwapRouter, LockAndMsg
 bytes calldata path = inputs.toBytes(3);
 address payer = payerIsUser ? lockedBy : address(this);
 v3SwapExactInput(map(recipient), amountIn, amountOutMin, path, payer);
+ checkAuthorizedV3Path(path); // place the check here to avoid stack too deep error
 } else if (command == Commands.V3_SWAP_EXACT_OUT) {
 // equivalent: abi.decode(inputs, (address, uint256, uint256, bytes, bool))
 address recipient;
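Review bot: `v3Factory` is repointed in `setUp()` while `poolInitCodeHash` keeps its previous value, and the same commit bumps the `lib/katana-v3-contracts` submodule. The router presumably derives pool addresses from these two values (`computePoolAddress(tokenIn, tokenOut, fee)` in V3SwapRouter.sol), so if the pool creation code changed with the new factory, the stale hash would make the router resolve addresses where no pool is deployed; whether the bytecode changed is not visible here. I would record the check next to the field, e.g. `// poolInitCodeHash: re-verified against the pool creation code of the v3Factory above`, and confirm the new `permit2`, `nonfungiblePositionManager` and `v3Migrator` addresses against the testnet deployment records before running the script. `setUp()` continues past the end of this hunk.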
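Review bot: `checkAuthorizedV3Path(path)` runs after `v3SwapExactInput(...)` has already made its external pool calls, so authorization is only enforced by reverting the finished swap, and it now lives at this call site rather than inside the swap primitive, where `_swap` used to check it. The same ordering appears in the `V3_SWAP_EXACT_OUT` branch in the next hunk. Any future caller of `v3SwapExactInput`/`v3SwapExactOutput` that omits the extra call would skip the governance check, so I would make `checkAuthorizedV3Path(path);` the first statement of those two functions in V3SwapRouter.sol; that adds no local variable and should not hit the stack-depth limit the comment mentions. The enclosing branch starts above this hunk.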
@@ -64,6 +65,7 @@ abstract contract Dispatcher is Payments, V2SwapRouter, V3SwapRouter, LockAndMsg
 bytes calldata path = inputs.toBytes(3);
 address payer = payerIsUser ? lockedBy : address(this);
 v3SwapExactOutput(map(recipient), amountOut, amountInMax, path, payer);
+ checkAuthorizedV3Path(path);
 } else if (command == Commands.PERMIT2_TRANSFER_FROM) {
 // equivalent: abi.decode(inputs, (address, address, uint160))
 address token;
diff --git a/src/aggregate-router/modules/katana/v3/V3SwapRouter.sol b/src/aggregate-router/modules/katana/v3/V3SwapRouter.sol
index ed0fb4d..e81c1ea 100644
--- a/src/aggregate-router/modules/katana/v3/V3SwapRouter.sol
+++ b/src/aggregate-router/modules/katana/v3/V3SwapRouter.sol
@@ -140,6 +140,16 @@ abstract contract V3SwapRouter is KatanaImmutables, Permit2Payments, IKatanaV3Sw
 maxAmountInCached = DEFAULT_MAX_AMOUNT_IN;
 }
+ function checkAuthorizedV3Path(bytes calldata path) internal view {
+ uint256 length = path.length / Constants.NEXT_V3_POOL_OFFSET + 1;
+ address[] memory tokens = new address[](length);
+ for (uint256 i; i < length; ++i) {
+ tokens[i] = path.decodeFirstToken();
+ if (i + 1 < length) path = path.skipToken();
+ }
+ if (!IKatanaGovernance(KATANA_GOVERNANCE).isAuthorized(tokens, msg.sender)) revert V3UnauthorizedSwap();
+ }
+
 /// @dev Performs a single swap for both exactIn and exactOut
 /// For exactIn, `amount` is `amountIn`. For exactOut, `amount` is `-amountOut`
 function _swap(int256 amount, address recipient, bytes calldata path, address payer, bool isExactIn)
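Review bot: `checkAuthorizedV3Path` has no NatSpec although it is now the only place the V3 authorization is enforced, and its token count `path.length / Constants.NEXT_V3_POOL_OFFSET + 1` silently assumes a well-formed path of the shape token (fee token)*. Whether a path with a short or over-long tail is rejected depends on `decodeFirstToken`/`skipToken` reverting on out-of-bounds slices, which this hunk does not show. I would add `/// @dev Reverts with V3UnauthorizedSwap unless governance authorizes msg.sender for every token in path.` and `/// Assumes path is token (fee token)*; must be called for every V3 swap because _swap no longer checks.` above the function.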
@@ -148,11 +158,6 @@ abstract contract V3SwapRouter is KatanaImmutables, Permit2Payments, IKatanaV3Sw
 {
 (address tokenIn, uint24 fee, address tokenOut) = path.decodeFirstPool();
- address[] memory tokens = new address[](2);
- tokens[0] = tokenIn;
- tokens[1] = tokenOut;
- if (!IKatanaGovernance(KATANA_GOVERNANCE).isAuthorized(tokens, msg.sender)) revert V3UnauthorizedSwap();
-
 zeroForOne = isExactIn ? tokenIn < tokenOut : tokenOut < tokenIn;
 (amount0Delta, amount1Delta) = IKatanaV3Pool(computePoolAddress(tokenIn, tokenOut, fee)).swap(