Re-entrancy at FiatTokenV2.sol

[code423n4]

Lines of code

https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v2/FiatTokenV2.sol#L284-L285

Vulnerability details

Impact

A re-entrancy attack may drain the asset holder’s balance due to function / variable update order at FiatTokenV1.sol:284

Proof of Concept

function transferFrom(
    address from,
    address to,
    uint256 value
)
    external
    override
    whenNotPaused
    notBlocklisted(msg.sender)
    notBlocklisted(from)
    notBlocklisted(to)
    checkWhitelist(from, value)
    returns (bool)
{
    require(
        value <= allowed[from][msg.sender],
        "ERC20: transfer amount exceeds allowance"
    );
    _transfer(from, to, value);
    allowed[from][msg.sender] = allowed[from][msg.sender] - value;
    return true;
}

Tools Used

VS Code

Recommended Mitigation Steps

A mutex can be implemented like inheriting OZ ReentrancyGuard.sol

[retocrooman]

There is no problem because the call function is not used in transferFrom.