code-423n4 / 2021-10-defiprotocol-findings


createBasket re-entrancy #85

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

pauliax

Vulnerability details

Impact

The function createBasket in Factory should also be nonReentrant, as it interacts with various tokens inside the loop and these tokens may contain callback hooks.

Recommended Mitigation Steps

Add nonReentrant modifier to the declaration of createBasket.

GalloDaSballo commented 2 years ago

I agree that, since the function can potentially interact with any ERC20-like token, the function is vulnerable to re-entrancy. Because we don't have any specific POC for an attack, this is a medium severity finding.
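The mitigation recommended in the report, shown as an added sketch that is not part of the original issue or the audited code. The contract name FactorySketch, the inline ReentrancyLock, the createBasket signature and its body are assumptions, since the page does not show the real Factory.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Hypothetical minimal token interface (assumption, not the project's own).
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical inline lock with the same behaviour as a standard nonReentrant modifier.
abstract contract ReentrancyLock {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    modifier nonReentrant() {
        require(status != ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }
}

// Hypothetical stand-in for Factory; only the guarded loop is modelled.
contract FactorySketch is ReentrancyLock {
    uint256 public basketCount;

    event BasketCreated(uint256 indexed id, address indexed creator);

    // nonReentrant: if a token's callback hook calls back into createBasket
    // while the loop is running, the lock check fails and the call reverts.
    function createBasket(address[] calldata tokens, uint256[] calldata amounts)
        external
        nonReentrant
        returns (uint256 id)
    {
        require(tokens.length == amounts.length, "length mismatch");
        id = basketCount++; // state update happens before any external call
        for (uint256 i = 0; i < tokens.length; i++) {
            // External call into arbitrary token code, which may run hooks.
            require(
                IERC20Like(tokens[i]).transferFrom(msg.sender, address(this), amounts[i]),
                "transfer failed"
            );
        }
        emit BasketCreated(id, msg.sender);
    }
}
```

The lock only blocks re-entry into functions that carry the modifier, so any other state-changing function reachable from a token hook needs the same guard.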