search

code-423n4 / 2021-07-spartan-findings

0 stars 0 forks source link

Pool.burnSynth(address,address) is potentially reentrant #203

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

heiho1

Vulnerability details

Impact

Pool.burnSynth(address,address) is potentially a reentrant method because it executes transfers and burning before updating balances/metrics.

Proof of Concept

https://github.com/code-423n4/2021-07-spartan/blob/e2555aab44d9760fdd640df9095b7235b70f035e/contracts/Pool.sol#L245

Tools Used

Slither

Recommended Mitigation Steps

The function should update state before external calls.

Consider using a nonReentrant guard as provided by OpenZeppelin:

https://docs.openzeppelin.com/contracts/4.x/api/security#ReentrancyGuard

SamusElderg commented 3 years ago

Different to #132

ghoul-sol commented 3 years ago

There is not enough evidence that reentrancy can damage the protocol provided by warden. Making this non-critical as this is a best practice recommendation.