code-423n4 / 2022-02-jpyc-findings


Re-entrancy at FiatTokenV1.sol #37

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v1/FiatTokenV1.sol#L275-L276

Vulnerability details

Impact

FiatTokenV1.sol:275 – A re-entrancy attack may drain the asset holder’s balance due to function / variable update order.

Proof of Concept

    _transfer(from, to, value);
    allowed[from][msg.sender] = allowed[from][msg.sender] - value;

Tools Used

VS Code

Recommended Mitigation Steps

A mutex can be implemented, for example by inheriting OZ ReentrancyGuard.sol.

0xywzx commented 2 years ago

Thank you for your issue.

We believe that re-entrancy doesn't happen in this code, but how can it happen, if you know?

Even if re-entrancy happens, it should not be a problem if the order of approve() and transfer() is reversed.
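The two changes discussed in this thread, shown together as an added example that is not part of either comment or of the JPYC code base: the allowance is reduced before `_transfer` runs, and `transferFrom` is wrapped in a mutex in the style of OpenZeppelin's ReentrancyGuard. The contract name, the inline `nonReentrant` modifier, the `balances` mapping, the constructor and the body of `_transfer` are assumptions made for illustration; only `allowed`, `_transfer(from, to, value)` and the allowance update come from the quoted lines.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not JPYC's FiatTokenV1. Everything except the two
// statements quoted in the issue is hypothetical scaffolding.
contract AllowanceOrderExample {
    mapping(address => uint256) private balances;
    mapping(address => mapping(address => uint256)) private allowed;

    // Minimal mutex in the style of OpenZeppelin's ReentrancyGuard.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    modifier nonReentrant() {
        require(status != ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    constructor(uint256 supply) {
        balances[msg.sender] = supply;
    }

    function approve(address spender, uint256 value) external returns (bool) {
        allowed[msg.sender][spender] = value;
        return true;
    }

    function transferFrom(address from, address to, uint256 value)
        external
        nonReentrant
        returns (bool)
    {
        require(value <= allowed[from][msg.sender], "exceeds allowance");
        // Effect first: the allowance is already reduced when _transfer runs.
        allowed[from][msg.sender] = allowed[from][msg.sender] - value;
        _transfer(from, to, value);
        return true;
    }

    function _transfer(address from, address to, uint256 value) internal {
        require(value <= balances[from], "exceeds balance");
        balances[from] -= value;
        balances[to] += value;
    }
}
```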