code-423n4 / 2022-02-pooltogether-findings


QA Report #12

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Possible Reentrancy attack

  1. In the _executeCall function at Delegation.sol#L63, a call to an external contract is made via to.call{ value: value }(data);

  2. Although from the TWABDelegator contract it seems that the to address (Ticket) in _executeCall is trustworthy, it is still best to use protection against reentrancy attacks.

Recommendation: OpenZeppelin has its own implementation called ReentrancyGuard. This library provides a modifier called nonReentrant that you can apply to any function to guard it from reentrancy attacks.
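The shape of the recommendation above, as an added example that is not code from the PoolTogether repository or from the warden's report: a minimal stand-in for the delegation contract whose internal `_executeCall` forwards an arbitrary low-level call, with the external entry point wrapped in OpenZeppelin's `nonReentrant` modifier. The contract name, the `owner` check (a placeholder for the project's real authorization), and the OpenZeppelin v4 import path are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// OpenZeppelin v4 import path (assumption); in v5 the file lives under utils/ReentrancyGuard.sol.
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

/// Minimal stand-in for the delegation contract discussed in the report (not the project's code).
contract GuardedDelegation is ReentrancyGuard {
    // Placeholder authorization: the project uses its own access control.
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    /// Same shape as the low-level call flagged in the report: the callee `to`
    /// regains control here and could call back into this contract before the
    /// caller's remaining state updates are committed. The guard is placed on
    /// the external entry point below, which covers this internal helper.
    function _executeCall(address to, uint256 value, bytes memory data)
        internal
        returns (bytes memory)
    {
        (bool ok, bytes memory ret) = to.call{ value: value }(data);
        require(ok, "call failed");
        return ret;
    }

    /// External entry point. `nonReentrant` sets a status flag before the body
    /// runs and reverts any nested call into another nonReentrant function of
    /// this contract while the flag is set, then clears it on exit.
    function executeCall(address to, uint256 value, bytes calldata data)
        external
        nonReentrant
        returns (bytes memory)
    {
        require(msg.sender == owner, "not owner");
        return _executeCall(to, value, data);
    }

    // Accept ETH so the contract has value to forward.
    receive() external payable {}
}
```

The modifier belongs on every external or public function that can reach `_executeCall`, not on the internal helper itself, since the guard's status flag is checked on entry to the decorated function; an internal function with no guarded caller would be unprotected. Each guarded entry point costs one storage write on entry and one on exit.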

PierrickGT commented 2 years ago

As mentioned by the warden, the ticket contract won't be a malicious one so no reentrancy attack is possible. For this reason, I have disputed the issue.

0xleastwood commented 2 years ago

There is no attack vector outlined by the warden. The ticket contract is public and known, so it's important to link potential reentrancy vectors to the current implementation of Ticket.sol.