Reentrancy in _close()
#337
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-176
satisfactory: Finding meets requirement
Lines of code
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L483-L507
Vulnerability details
Impact
The contract's funds could be drained due to possible reentrancy in _close().
Proof of Concept
In _close(), the token transfer happens before the storage state change of ids. Hence, reentrancy is possible as long as the token has a callback hook. For example, some ERC777 tokens, or even an existing token after an upgrade, could have this feature.
A malicious lender can call close(id) and reenter to drain the funds, or can use another address as the borrower to call depositAndClose() to do something similar.
Tools Used
Manual analysis.
Recommended Mitigation Steps
For the _close() function:
nonReentrant modifier
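The ordering problem in this finding, shown beside a hardened form, as an added example that is not the Line-of-Credit source. The contract name, the credits mapping, open(), closeTransferFirst() and closeHardened() are hypothetical, and the inline guard stands in for a library nonReentrant modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration with hypothetical names; not the project's contract.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CloseOrderingExample {
    struct Credit { address lender; address token; uint256 deposit; }
    mapping(bytes32 => Credit) public credits; // stand-in for the position storage

    uint256 private _status = 1; // 1 = idle, 2 = entered

    // Minimal inline guard with the same intent as the recommended modifier.
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function open(bytes32 id, address token, uint256 amount) external nonReentrant {
        require(credits[id].lender == address(0), "position exists");
        credits[id] = Credit(msg.sender, token, amount);
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "deposit failed");
    }

    // Ordering described in the finding: the external call runs while the
    // position is still recorded, so a token with a transfer hook can call
    // back in and find the position still open.
    function closeTransferFirst(bytes32 id) external {
        Credit memory c = credits[id];
        require(msg.sender == c.lender, "not lender");
        require(IERC20(c.token).transfer(c.lender, c.deposit), "transfer failed");
        delete credits[id]; // state change happens after the interaction
    }

    // Hardened: checks, then effects, then the interaction, with the
    // guard as a second layer around the whole call.
    function closeHardened(bytes32 id) external nonReentrant {
        Credit memory c = credits[id];
        require(c.lender != address(0), "no such position");
        require(msg.sender == c.lender, "not lender");
        delete credits[id]; // effect first: a nested call sees no open position
        require(IERC20(c.token).transfer(c.lender, c.deposit), "transfer failed");
    }
}
```

The guard only helps if every external function that touches the same storage carries it; an unguarded sibling such as closeTransferFirst() remains reachable from inside a hook.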