SamusElderg
commented
3 years ago Different to #132
Closed code423n4 closed 3 years ago
SamusElderg
commented
3 years ago Different to #132
SamusElderg
commented
3 years ago Duplicate of #202 (reentrancy)
ghoul-sol
commented
3 years ago There is not enough evidence that reentrancy can damage the protocol provided by warden. Making this non-critical as this is a best practice recommendation.
Handle
heiho1
Vulnerability details
Impact
Dao.bond(address,uint256) is external and potentially re-entrant, affecting membership, transfers, deposits and harvesting.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Router.sol#L229
https://github.com/crytic/not-so-smart-contracts/tree/master/reentrancy
Tools Used
Slither
Recommended Mitigation Steps
Function should be marked non-re-entrant, i.e. using OpenZeppelin, and mapMember_lastTime[msg.sender] should be updated prior to external calls.
https://docs.openzeppelin.com/contracts/2.x/api/utils#ReentrancyGuard-nonReentrant--