Reentracy attack on 'initiateLimitOrder()' and 'cancelLimitOrder' #357
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-400
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L314
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L355
Vulnerability details
Impact
External functions of Trading.sol is susceptible to reentrancy attack, a working attack example on 'initiateLimitOrder()' and 'cancelLimitOrder' is included in this submission which will cause
<1> Cancelled order is still in
limitOrders()
<2> Other users' order is removed from
limitOrders()
Proof of Concept
The working attack contract instance, put it into a new
ReentrancyAttacker.sol
file ofcontracts
directoryThe test case shows how the attack works
The test result
Tools Used
hardhat
Recommended Mitigation Steps
Add reentrancy protection for the following external functions
The text was updated successfully, but these errors were encountered: