search

code-423n4 / 2022-01-sherlock-findings

0 stars 0 forks source link

Arbitrager can potentially take more arbReward than expected. #198

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

wuwe1

Vulnerability details

Proof of Concept

https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L673

https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L488

If malicious arbitrager can get control flow from this expression token.safeTransfer(_receiver, _amount);. He can reentry arbRestake and take more arbReward than expected.

https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L467

Arbitrager can reentry arbRestake

https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/Sherlock.sol#L491

This line will not revert because _stakeShares ≤ stakeShares[_id] * 0.2

Recommended Mitigation Steps

Use ReentrancyGuard to guard arbRestake

Evert0x commented 2 years ago

there is no reentry on erc20 safetransfer

jack-the-pug commented 2 years ago

token is known to be USDC.