Handle
gpersoon
Vulnerability details
Impact
Most of the deposit/withdraw/borrow/repay functions have the `nonReentrant` modifier. However, the Uniswap V3 related functions do not.
Because ERC721 tokens have an `onERC721Received` callback, these functions might be called in a reentrant way. This might also be combined with one of the functions that do have the `nonReentrant` modifier.
Proof of Concept
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/LendingPair.sol#L103

```solidity
// functions without nonReentrant
function depositUniPosition(address _account, uint _positionID) external {
function withdrawUniPosition() external {
function uniClaimDeposit() external {
function uniClaimWithdraw() external {

// functions with nonReentrant
function depositRepay(address _account, address _token, uint _amount) external nonReentrant {
function depositRepayETH(address _account) external payable nonReentrant {
function deposit(address _account, address _token, uint _amount) external override nonReentrant {
function withdrawBorrow(address _token, uint _amount) external nonReentrant {
function withdrawBorrowETH(uint _amount) external nonReentrant {
function withdraw(address _token, uint _amount) external override nonReentrant {
function withdrawAll(address _token) external override nonReentrant {
function withdrawAllETH() external nonReentrant {
function borrow(address _token, uint _amount) external nonReentrant {
function repayAll(address _account, address _token, uint _maxAmount) external nonReentrant {
function repayAllETH(address _account, uint _maxAmount) external payable nonReentrant {
function repay(address _account, address _token, uint _amount) external nonReentrant {
function collectSystemFee(address _token, uint _amount) external nonReentrant {
```
Tools Used
Recommended Mitigation Steps
Double-check whether the Uniswap V3 functions also need the `nonReentrant` modifier and add it if necessary. If it is not necessary, add a comment indicating this.
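One way to repeat this check over a whole contract, as an added example that is not part of the original report or the project's code: the Python script below lists state-changing external/public functions whose signature lacks the guard modifier. The names `SAMPLE`, `SIG`, `strip_comments` and `unguarded` are hypothetical, and the sample input is a subset of the signatures listed under Proof of Concept.

```python
import re

# Subset of the signatures listed under Proof of Concept (bodies omitted).
SAMPLE = """
// functions without nonReentrant
function depositUniPosition(address _account, uint _positionID) external {
function withdrawUniPosition() external {
function uniClaimDeposit() external {
function uniClaimWithdraw() external {
// functions with nonReentrant
function depositRepay(address _account, address _token, uint _amount) external nonReentrant {
function depositRepayETH(address _account) external payable nonReentrant {
function deposit(address _account, address _token, uint _amount) external override nonReentrant {
function withdraw(address _token, uint _amount) external override nonReentrant {
function collectSystemFee(address _token, uint _amount) external nonReentrant {
"""

# Captures: name, parameter list, and everything between ')' and the body's '{'.
# Bodiless declarations ending in ';' (interfaces) do not match.
SIG = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")


def strip_comments(src):
    """Drop /* */ and // comments so a commented-out modifier is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def unguarded(src, guard="nonReentrant"):
    """Return names of external/public, non-view functions that lack `guard`."""
    found = []
    for name, _params, tail in SIG.findall(strip_comments(src)):
        words = set(re.findall(r"\w+", tail))
        if not words & {"external", "public"}:
            continue  # internal/private: not an entry point for a callback
        if words & {"view", "pure"}:
            continue  # cannot write state; out of scope for this check
        if guard not in words:
            found.append(name)
    return found


if __name__ == "__main__":
    for fn in unguarded(SAMPLE):
        print("missing nonReentrant:", fn)
```

Each flagged function still needs manual review: the script only reports that the modifier is absent from the signature, not whether a callback can actually reach the function.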