The main functions in OverlayV1OVLCollateral.sol should have reentrancy guard modifiers on them as an added layer of security to protect against exploits, especially since the protocol uses ERC1155, which has a callback allowing someone to reenter the contract.
Handle
jayjonah8
Vulnerability details
Impact
The main functions in OverlayV1OVLCollateral.sol should have reentrancy guard modifiers on them as an added layer of security to protect against exploits, especially since the protocol uses ERC1155, which has a callback allowing someone to reenter the contract.
Proof of Concept
https://github.com/code-423n4/2021-11-overlay/blob/main/contracts/collateral/OverlayV1OVLCollateral.sol
Tools Used
Manual code review
Recommended Mitigation Steps
Use the OpenZeppelin ReentrancyGuard.sol on the main functions users will interact with, such as build(), unwind(), liquidate() and also disburse().
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/ReentrancyGuard.sol
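A sketch of the recommended mitigation, added here as an illustration and not taken from the Overlay code base. The contract name GuardedCollateral, its storage layout, the 1:1 share accounting and the simplified build()/unwind() signatures are assumptions; the import path matches the OpenZeppelin 4.x location linked above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Hypothetical, simplified collateral manager. NOT the Overlay contract:
// names, storage and accounting are assumptions made for this example.
contract GuardedCollateral is ERC1155, ReentrancyGuard {
    IERC20 public immutable collateralToken;          // assumed ERC20 collateral
    uint256 public nextPositionId;
    mapping(uint256 => uint256) public collateralOf;  // positionId => collateral held

    constructor(IERC20 token) ERC1155("") {
        collateralToken = token;
    }

    // ERC1155 _mint() calls onERC1155Received() when the recipient is a
    // contract, handing control to msg.sender in the middle of build().
    // With nonReentrant, a nested call from that callback into build() or
    // unwind() reverts instead of running against half-updated state.
    function build(uint256 amount) external nonReentrant returns (uint256 id) {
        require(amount > 0, "zero amount");
        id = nextPositionId++;
        collateralOf[id] = amount;                    // effects before interactions
        require(
            collateralToken.transferFrom(msg.sender, address(this), amount),
            "transfer failed"
        );
        _mint(msg.sender, id, amount, "");            // recipient callback runs here
    }

    function unwind(uint256 id, uint256 shares) external nonReentrant {
        require(shares > 0, "zero shares");
        _burn(msg.sender, id, shares);                // reverts on insufficient balance
        collateralOf[id] -= shares;                   // checked arithmetic in 0.8
        require(collateralToken.transfer(msg.sender, shares), "transfer failed");
    }
}
```

The guard is a single shared lock, so it blocks cross-function reentry between guarded functions as well as same-function reentry; any state-changing entry point left without the modifier remains reachable from the callback.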