Closed code423n4 closed 2 years ago
defsec
The re-entrancy guard is missing on the Eth anchor interaction. The external router interaction can cause to the re-entrancy vulnerability.
function finishDepositStable(uint256 idx) external { require(depositOperations.length > idx, "not running"); Operation storage operation = depositOperations[idx]; ethAnchorRouter.finishDepositStable(operation.operator); pendingDeposits -= operation.amount; convertedUst += operation.amount; operation.operator = depositOperations[depositOperations.length - 1] .operator; operation.amount = depositOperations[depositOperations.length - 1] .amount; depositOperations.pop(); }
Code Review
Follow the check effect interaction pattern or put re-entrancy guard.
this is a duplicate. can't find the original right now, but there's been a bunch of reports regarding reentrancy overall
duplicate of #3
Handle
defsec
Vulnerability details
Impact
The re-entrancy guard is missing on the Eth anchor interaction. The external router interaction can cause to the re-entrancy vulnerability.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Follow the check effect interaction pattern or put re-entrancy guard.