Multiple reentrancy paths are possible and might lead to loss of funds. Many affected functions were found; hence, for all functions that make external calls, it is advised to use ReentrancyGuard and the nonReentrant modifier from OZ.
Proof of Concept
(Non-exhaustive):
Reentrancy in SherBuy.execute(uint256) (contracts/SherBuy.sol#157-176)
Reentrancy in SherClaim.add(address,uint256) (contracts/SherClaim.sol#58-71)
Reentrancy in Sherlock._redeemShares(uint256,uint256,address) (contracts/Sherlock.sol#480-494)
Reentrancy in SherlockProtocolManager._forceRemoveProtocol(bytes32,address) (contracts/managers/SherlockProtocolManager.sol#382-414)
Recommended Mitigation Steps
It is advised to use ReentrancyGuard and the nonReentrant modifier from OZ.
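The recommendation above, sketched as an added example; this is not code from the report or from the audited contracts. `ExampleVault` and its functions are hypothetical, and the import path assumes OpenZeppelin Contracts 4.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x import path.
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical contract for illustration; not taken from the audited code base.
contract ExampleVault is ReentrancyGuard {
    mapping(address => uint256) public balances;

    function deposit() external payable nonReentrant {
        balances[msg.sender] += msg.value;
    }

    // Pattern the finding warns about, kept only for comparison: the external
    // call runs before the balance is cleared, so a callee that calls back in
    // still sees the old balance.
    function redeemUnguarded() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    // Hardened form: nonReentrant reverts any nested call into a guarded
    // function, and state is updated before the external call
    // (checks-effects-interactions), so the guard is not the only defence.
    function redeem() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to redeem");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The guard only covers functions of the contract that inherits it, so every state-changing entry point that shares the same storage needs the modifier; calls that re-enter through a different contract are not blocked by it.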
Handle
0v3rf10w