Reentrancy attacks in mint function #489
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-400
edited-by-warden
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Position.sol#L126-L161
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L156-L210
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L307-L349
Vulnerability details
Author: rotcivegaf
Impact
The root of the problem is in the mint function, which uses _safeMint. This mint calls the onERC721Received function of the token recipient, creating a possible reentrancy attack.
Proof of Concept
A wallet can call initiateMarketOrder or initiateLimitOrder, and these functions call the mint function, which internally calls the OZ _safeMint.
When _safeMint calls onERC721Received on the _mintTrade.account, that account has the opportunity to call other functions while lines L149-L160 of mint have not yet executed, and neither have L207-L210 of initiateMarketOrder or L347-L348 of initiateLimitOrder.
The _mintTrade.account can call:
- executeLimitOrder, and avoid require(block.timestamp >= limitDelay[_id]);
- cancelLimitOrder, liquidatePosition, initiateCloseOrder and limitClose, burning the NFT
Tools Used
Review
Recommended Mitigation Steps
Reentrancy guards can be used in the three functions mint, initiateMarketOrder and initiateLimitOrder.
Or use _mint instead of _safeMint.
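A sketch of the guard mitigation, added here as an example and not taken from the report or the Tigris code base: the contract, function and storage names are hypothetical, and the receiver callback is written out by hand instead of importing OpenZeppelin. All state is written before the callback, and every function reachable from the callback shares one lock.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration with hypothetical names; not the Tigris contracts.
interface IReceiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

contract GuardedPositionSketch {
    uint256 private _status = 1; // 1 = idle, 2 = inside a guarded call
    uint256 public nextId = 1;
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => uint256) public limitDelay;

    // The lock only protects functions that carry this modifier.
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Minting entry point: all bookkeeping is written before the callback.
    function openLimit(uint256 delay) external nonReentrant returns (uint256 id) {
        id = nextId++;
        ownerOf[id] = msg.sender;
        limitDelay[id] = block.timestamp + delay;
        _notifyReceiver(msg.sender, id); // external call comes last
    }

    // Reachable from the receiver callback, so it shares the same lock.
    function executeLimit(uint256 id) external nonReentrant {
        require(ownerOf[id] == msg.sender, "not owner");
        require(block.timestamp >= limitDelay[id], "limit delay");
        delete ownerOf[id];
        delete limitDelay[id];
    }

    // Same receiver check a safe mint performs; plain accounts get no callback.
    function _notifyReceiver(address to, uint256 id) private {
        if (to.code.length == 0) return;
        bytes4 ret = IReceiver(to).onERC721Received(msg.sender, address(0), id, "");
        require(ret == IReceiver.onERC721Received.selector, "unsafe receiver");
    }
}
```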