Closed code423n4 closed 2 years ago
tensors
It is best to transfer tokens to the user after all smart contract logic has been done to avoid any possible reentrancies. See, https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html for examples.
https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Auction.sol#L85-L87
Rewrite the code so that transfers to the user happen last.
Duplicate of #97
Handle
tensors
Vulnerability details
Impact
It is best to transfer tokens to the user after all smart contract logic has been done to avoid any possible reentrancies. See, https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html for examples.
Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Auction.sol#L85-L87
Recommended Mitigation Steps
Rewrite the code so that transfers to the user happen last.