code-423n4 / 2021-12-yetifinance-findings


Re-entrancy in contracts/TroveManager.sol #185

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

heiho1

Vulnerability details

Impact

=> Function applyPendingRewards() on line 307 is potentially re-entrant as it is external but has no re-entrancy guard declared. This function invokes _applyPendingRewards() which potentially impacts collateral and debt rewards from redistributions.

=> Function redeemCollateral() on line 260 is potentially re-entrant as it is external but has no re-entrancy guard declared. This function invokes _applyPendingRewards() which potentially impacts collateral redemption.

Proof of Concept

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/TroveManager.sol#L307

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/TroveManager.sol#L260

Tools Used

Slither

Recommended Mitigation Steps

kingyetifinance commented 2 years ago

@LilYeti: Duplicate with reentrancy description #57

alcueca commented 2 years ago

Duplicate of #183

alcueca commented 2 years ago

Duplicate of issue by the same warden