search

code-423n4 / 2022-01-timeswap-findings

2 stars 0 forks source link

Missing noreentrant check on mint function #147

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Fitraldys

Vulnerability details

Impact

in https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Convenience/contracts/CollateralizedDebt.sol#L76 there is no reentrant check, because when using _safeMint(), the function will make a call to the to address, through https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Convenience/contracts/base/ERC721.sol#L97 / _checkOnERC721Received, that will call to the user to address, and the to address is controllable by the to address.

Proof of Concept

https://github.com/code-423n4/2022-01-timeswap/blob/main/Timeswap/Timeswap-V1-Convenience/contracts/CollateralizedDebt.sol#L76

amateur-dev commented 2 years ago

Similar issue reported over here #43 ; hence closing this

0xean commented 2 years ago

bumping sev to match dupe