Most of the ..Internal functions in CToken.sol have the modifier nonReentrant; however, there is one exception:
seizeInternal
Proof of Concept
CToken.sol:
function mintInternal(uint mintAmount) internal nonReentrant returns (uint, uint) {
function redeemInternal(uint redeemTokens) internal nonReentrant returns (uint) {
function redeemUnderlyingInternal(uint redeemAmount) internal nonReentrant returns (uint) {
function borrowInternal(uint borrowAmount) internal nonReentrant returns (uint) {
function repayBorrowInternal(uint repayAmount) internal nonReentrant returns (uint, uint) {
function repayBorrowBehalfInternal(address borrower, uint repayAmount) internal nonReentrant returns (uint, uint) {
function liquidateBorrowInternal(address borrower, uint repayAmount, CTokenInterface cTokenCollateral) internal nonReentrant returns (uint, uint) {
function seizeInternal(address seizerToken, address liquidator, address borrower, uint seizeTokens) internal returns (uint) {
function _addReservesInternal(uint addAmount) internal nonReentrant returns (uint) {
Tools Used
grep
Recommended Mitigation Steps
Double-check whether seizeInternal should also have the nonReentrant modifier.
Note that if nonReentrant has to be added, then the nonReentrant modifier of function seize probably has to be removed.
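The grep-style check behind this finding, as an added example that is not part of the original report or the project's code: the helper name `missing_guard` and the sample contract are constructed here, using signatures listed above with empty bodies. It goes slightly beyond a line-oriented grep by joining signatures that span several lines before testing for the modifier.

```shell
#!/bin/sh
# Added example: print every "...Internal" function whose signature lacks nonReentrant.
# awk joins text from "function" up to the opening "{" (or ";") so that
# multi-line signatures are checked as a whole.
missing_guard() {
    awk '
        /^[[:space:]]*function[[:space:]]/ { sig = ""; collecting = 1 }
        collecting {
            sig = sig " " $0
            if ($0 ~ /[{;]/) {
                collecting = 0
                sub(/[{;].*$/, "", sig)                # keep the signature only
                name = sig
                sub(/^[[:space:]]*function[[:space:]]+/, "", name)
                sub(/[[:space:]]*\(.*/, "", name)      # cut at the parameter list
                if (name ~ /Internal$/ && sig !~ /(^|[^A-Za-z0-9_])nonReentrant([^A-Za-z0-9_]|$)/)
                    print name
            }
        }
    ' "$1"
}

# Constructed sample input: signatures from the list above, bodies left empty,
# one of them reflowed over several lines to exercise the joining logic.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
contract CTokenSample {
    function mintInternal(uint mintAmount) internal nonReentrant returns (uint, uint) {}
    function liquidateBorrowInternal(
        address borrower,
        uint repayAmount,
        CTokenInterface cTokenCollateral
    ) internal nonReentrant returns (uint, uint) {}
    function seizeInternal(address seizerToken, address liquidator, address borrower, uint seizeTokens) internal returns (uint) {}
    function _addReservesInternal(uint addAmount) internal nonReentrant returns (uint) {}
}
EOF

missing_guard "$sample"
```

A hit from this check is a prompt for manual review of the call paths into the function, not proof that the function is reentrant.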
Handle
gpersoon