search

code-423n4 / 2022-01-livepeer-findings

0 stars 0 forks source link

Potential Reentrancy at multiple places #187

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0v3rf10w

Vulnerability details

Impact

Potential Reentrancy at multiple places

Proof of Concept

L2Migrator.finalizeMigrateDelegator(IMigrator.MigrateDelegatorParams) (contracts/L2/gateway/L2Migrator.sol#130-188):
L1Escrow.approve(address,address,uint256) (contracts/L1/escrow/L1Escrow.sol#21-28)
L1LPTGateway.finalizeInboundTransfer(address,address,address,uint256,bytes) (contracts/L1/gateway/L1LPTGateway.sol#136-159)
L1LPTGateway.outboundTransfer(address,address,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1LPTGateway.sol#80-123)
L1ArbitrumMessenger.sendTxToL2(address,address,uint256,uint256,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1ArbitrumMessenger.sol#55-77)
L1ArbitrumMessenger.sendTxToL2(address,address,uint256,uint256,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1ArbitrumMessenger.sol#55-77)
L1LPTDataCache.cacheTotalSupply(uint256,uint256,uint256) (contracts/L1/gateway/L1LPTDataCache.sol#35-52):
L1ArbitrumMessenger.sendTxToL2(address,address,uint256,uint256,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1ArbitrumMessenger.sol#55-77):
L1Migrator.migrateDelegator(address,address,bytes,uint256,uint256,uint256) (contracts/L1/gateway/L1Migrator.sol#156-193):
L1Migrator.migrateETH(uint256,uint256,uint256) (contracts/L1/gateway/L1Migrator.sol#303-328):
L1Migrator.migrateSender(address,address,bytes,uint256,uint256,uint256) (contracts/L1/gateway/L1Migrator.sol#259-294):
L1Migrator.migrateUnbondingLocks(address,address,uint256[],bytes,uint256,uint256,uint256) (contracts/L1/gateway/L1Migrator.sol#205-248):
L1ArbitrumMessenger.sendTxToL2(address,address,uint256,uint256,uint256,uint256,uint256,bytes) (contracts/L1/gateway/L1ArbitrumMessenger.sol#55-77):
DelegatorPool.claim(address,uint256) (contracts/L2/pool/DelegatorPool.sol#58-93):
L2LPTGateway.finalizeInboundTransfer(address,address,address,uint256,bytes) (contracts/L2/gateway/L2LPTGateway.sol#100-113):
L2LPTGateway.outboundTransfer(address,address,uint256,bytes) (contracts/L2/gateway/L2LPTGateway.sol#65-89):
L2ArbitrumMessenger.sendTxToL1(address,address,bytes) (contracts/L2/gateway/L2ArbitrumMessenger.sol#14-23):
L2Migrator.finalizeMigrateDelegator(IMigrator.MigrateDelegatorParams) (contracts/L2/gateway/L2Migrator.sol#130-188):
L2Migrator.claimStake(address,uint256,uint256,bytes32[],address) (contracts/L2/gateway/L2Migrator.sol#248-301):
L2Migrator.finalizeMigrateDelegator(IMigrator.MigrateDelegatorParams) (contracts/L2/gateway/L2Migrator.sol#130-188):
L2Migrator.finalizeMigrateDelegator(IMigrator.MigrateDelegatorParams) (contracts/L2/gateway/L2Migrator.sol#130-188):
L2Migrator.finalizeMigrateSender(IMigrator.MigrateSenderParams) (contracts/L2/gateway/L2Migrator.sol#215-233):
L2Migrator.finalizeMigrateUnbondingLocks(IMigrator.MigrateUnbondingLocksParams) (contracts/L2/gateway/L2Migrator.sol#194-209):
L2ArbitrumMessenger.sendTxToL1(address,address,bytes) (contracts/L2/gateway/L2ArbitrumMessenger.sol#14-23):
L2ArbitrumMessenger.sendTxToL1(address,address,bytes) (contracts/L2/gateway/L2ArbitrumMessenger.sol#14-23):

Recommended Mitigation Steps

Please use Reentrancy Guard from OZ on all these potential functions that can lead to reentrancy.

yondonfu commented 2 years ago

While these warnings were triggered likely due to calls to external contracts without a reentrancy guard, we do not believe reentrancy is actually possible in any of these functions due to the fact that the external contracts called have known implementations that would not re-enter.

0xleastwood commented 2 years ago

This is obviously a false positive produced by automated tooling. This is NOT valid, please avoid doing this in the future.