Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

ignacio - LACK OF REENTRANCY GUARDS ON EXTERNAL FUNCTIONS #119

Closed
sherlock-admin opened this issue Oct 28, 2022 · 1 comment
Closed

ignacio - LACK OF REENTRANCY GUARDS ON EXTERNAL FUNCTIONS #119

sherlock-admin opened this issue Oct 28, 2022 · 1 comment
Labels
Disagree With Severity Has Duplicates Medium Will Fix

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Oct 28, 2022
edited by hrishibhat
Loading

ignacio

medium

LACK OF REENTRANCY GUARDS ON EXTERNAL FUNCTIONS

Summary

The following external functions within the mover contracts contain function calls (e.g. safeTransferFrom, safeTransfer) that pass control to external contracts. Additionally, if ERC777 tokens are being used within an order, it contains various hooks that will pass the execution control to the external party.
No re-entrancy attacks that could lead to loss of assets were observed during the assessment.

The following shows examples of function call being made to an external contract

https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ExchangeProxy.sol#L99
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ExchangeProxy.sol#L197
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ExchangeProxy.sol#L245
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/ExchangeProxy.sol#L258
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L317
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L251
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L268
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L331

Impact

No re-entrancy attacks that could lead to loss of assets were observed during the assessment.

Tool used

Manual Review

Recommendation

It is recommended to follow the good security practices and apply necessary reentrancy prevention by utilizing the nonReentrant modifier from Openzeppelin Library to block possible re-entrancy.
@McMannaman
Copy link

Duplicate of #44

This is more of an qa/recommendation than an example of attack vector/vulnerability.

It is recommended to follow the good security practices and apply necessary reentrancy prevention

But I tend to agree with this one, yes. Adding a fix label.

@hrishibhat hrishibhat mentioned this issue Oct 31, 2022
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Disagree With Severity Has Duplicates Medium Will Fix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@McMannaman @hrishibhat @sherlock-admin