frank-beard
commented
2 years ago Closed code423n4 closed 2 years ago
frank-beard
commented
2 years ago 
GalloDaSballo
commented
2 years ago Duplicate of #270
Handle
0xRajeev
Vulnerability details
Impact
With the use of untrusted tokens proposed by the publisher, coupled with the lack of reentrancy guards and absence of adherence to the checks-effects-interactions pattern, reentrancies are possible in multiple places. While it is not clear that they can be obviously abused to cause vulnerabilities, it may nevertheless be critical to evaluate assumptions and mitigate reentrancy risks.
Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L82-L84
https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Basket.sol#L96-L97
Tools Used
Manual Analysis
Recommended Mitigation Steps
Evaluate trust/threat assumptions and mitigate reentrancy risks by using CEI pattern and/or reentrancy guards.