Open code423n4 opened 2 years ago
Valid point. We are going to use if-revert
s with custom error messages, and therefore it will be error NoReentering();
This was done in release candidate contract via custom error messages. For this specific case, the custom error message is defined here and thrown here.
Handle
Czar102
Vulnerability details
Impact
Wrong revert messages might lead to confusion.
Proof of Concept
In line 52 of XDEFIDistribution, the reason for a fail of a reentrant call is
"LOCKED"
. In DeFi, it usually means that contract's functionality is temporarily limited. This is not true in this case.Recommended Mitigation Steps
Consider changing the revert string to
"REENTRY_NOT_ALLOWED"
.