GalloDaSballo
commented
2 years ago Disagree with finding
Also the warden didn't show any path for re-entrancy
Additionally that would defeat the purpose of the helper being a permissionless helper that anyone can use
Flagging as invalid
Handle
tensors
Vulnerability details
Impact
I strongly recommend adding a nonreentrant modifier on the functions within VaultHelper.sol The contract makes a bunch of unsafe external calls to the user submitted addresses _vault and _gauge. Also, add some checks to make sure _vault and _gauge are actually protocol vaults and gauges. Otherwise, contract execution is given over to potentially malicious contracts.
An ounce of prevention is worth a pound of cure.
Proof of Concept
https://github.com/code-423n4/2021-09-yaxis/blob/main/contracts/v3/VaultHelper.sol
Recommended Mitigation Steps
Add a nonreentrant modifier throughout the file.