code-423n4 / 2021-09-wildcredit-findings

0 stars 0 forks source link

Add nonReentrant modifiers to uniswap position methods + Check effects pattern #118

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

tensors

Vulnerability details

I recommend adding nonReentrant modifiers to:

https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L114 https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/LendingPair.sol#L103

Additionally, its best practice to do token transfers after all state changes are made, especially since NFTs have callbacks that may reenter the function.

talegift commented 3 years ago

This might be a good practice. But in our case, we have a hardcoded single ERC721 contract - Uniwap V3 Position Manager.

As the case of reentry is impossible with our implementation, the severity should be lowered to 0.

ghoul-sol commented 3 years ago

For a single reason hardcoded ERC721, this is a best practice recommendation