prevent admin from accidentally being configured as a known subaccount

hoytech · hoytech · commit 0e0d94626a5c · 2025-10-29T16:04:43.000-04:00
- Spearbit #9
diff --git a/src/EulerSwapProtocolFeeConfig.sol b/src/EulerSwapProtocolFeeConfig.sol
@@ -29,6 +29,7 @@ contract EulerSwapProtocolFeeConfig is IEulerSwapProtocolFeeConfig, EVCUtil {
     mapping(address pool => Override) public overrides;
 
     error Unauthorized();
+    error InvalidAdminAddress();
     error InvalidProtocolFee();
     error InvalidProtocolFeeRecipient();
 
@@ -42,6 +43,8 @@ contract EulerSwapProtocolFeeConfig is IEulerSwapProtocolFeeConfig, EVCUtil {
     event OverrideRemoved(address indexed pool);
 
     constructor(address evc, address admin_) EVCUtil(evc) {
+        _validateAdminAddress(admin_);
+
         emit AdminUpdated(address(0), admin_);
 
         admin = admin_;
@@ -58,6 +61,8 @@ contract EulerSwapProtocolFeeConfig is IEulerSwapProtocolFeeConfig, EVCUtil {
 
     /// @inheritdoc IEulerSwapProtocolFeeConfig
     function setAdmin(address newAdmin) external onlyAdmin {
+        _validateAdminAddress(newAdmin);
+
         emit AdminUpdated(admin, newAdmin);
 
         admin = newAdmin;
@@ -104,4 +109,10 @@ contract EulerSwapProtocolFeeConfig is IEulerSwapProtocolFeeConfig, EVCUtil {
             fee = defaultFee;
         }
     }
+
+    /// @dev Ensures the admin is not a known sub-account, since they are not allowed
+    function _validateAdminAddress(address addr) internal view {
+        address owner = evc.getAccountOwner(addr);
+        require(owner == addr || owner == address(0), InvalidAdminAddress());
+    }
 }
diff --git a/test/Fees.t.sol b/test/Fees.t.sol
@@ -314,12 +314,20 @@ contract FeesTest is EulerSwapTestBase {
     }
 
     function test_fees_protocolFees_setAdmin() public {
+        // Register owner with EVC
+        evc.enableCollateral(address(this), address(0));
+
         address origAdmin = protocolFeeConfig.admin();
         assertEq(origAdmin, protocolFeeAdmin);
 
         vm.expectRevert(EulerSwapProtocolFeeConfig.Unauthorized.selector);
         protocolFeeConfig.setDefault(address(8888), 0.1e18);
 
+        // Can't set a subaccount
+        vm.expectRevert(EulerSwapProtocolFeeConfig.InvalidAdminAddress.selector);
+        vm.prank(protocolFeeAdmin);
+        protocolFeeConfig.setAdmin(address(uint160(address(this)) ^ 1));
+
         vm.expectEmit(true, true, true, true);
         emit EulerSwapProtocolFeeConfig.AdminUpdated(origAdmin, address(this));
         vm.prank(protocolFeeAdmin);
