Re-entrancy mitigation #70
Labels
1 (Low Risk)
bug
Something isn't working
sponsor acknowledged
Sponsor acknowledged, but not resolving
Handle
pauliax
Vulnerability details
Impact
I see no re-entrancy mitigations. Contracts interact with various outside sources (tokens, Aave pools, other possible strategies that may be added in the future, etc.). So, for instance, you now have to be careful not to allow tokens that have a receiver callback (e.g. ERC777) or untrustworthy sources of yield (strategies).
Recommended Mitigation Steps
Consider using ReentrancyGuard on main action functions: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/ReentrancyGuard.sol
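One way the recommendation could look on a deposit/withdraw pair, as an added example that is not part of the original report or the audited code base. `GuardedVault` and its functions are hypothetical, and the import paths assume OpenZeppelin Contracts 4.x, matching the linked file.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Import path matches the OpenZeppelin 4.x file linked in the report.
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical vault, constructed for illustration; not the audited contracts.
contract GuardedVault is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable underlying;
    mapping(address => uint256) public balanceOf;
    uint256 public totalDeposits;

    constructor(IERC20 underlying_) {
        underlying = underlying_;
    }

    // transferFrom on a callback token (e.g. the ERC777 tokensToSend hook) can
    // hand control to the caller mid-call; nonReentrant makes any nested call
    // into deposit() or withdraw() revert.
    function deposit(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");
        uint256 before = underlying.balanceOf(address(this));
        underlying.safeTransferFrom(msg.sender, address(this), amount);
        // Credit what actually arrived, not what was requested.
        uint256 received = underlying.balanceOf(address(this)) - before;
        balanceOf[msg.sender] += received;
        totalDeposits += received;
    }

    // Checks-effects-interactions: state is updated before the external
    // transfer, so a receiver hook sees the reduced balance. The guard also
    // covers cross-function re-entry (withdraw -> deposit and vice versa).
    function withdraw(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        totalDeposits -= amount;
        underlying.safeTransfer(msg.sender, amount);
    }
}
```

The guard is per contract, so a call path that leaves through one contract and re-enters through another (for example a strategy calling back into a different vault) still depends on the state-before-interaction ordering shown in `withdraw`.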