H3xept
commented
2 years ago Duplicate of #109
Closed code423n4 closed 2 years ago
H3xept
commented
2 years ago Duplicate of #109
gzeoneth
commented
2 years ago Warden submitted multiple QA Report #153.
Potential swap() Reentrancy Attack
Description
A malicious ERC20 token can be supplied as the input token.
_beforeTokenTransfer()or_afterTokenTransfer()of the malicious ERC20 token can be modiefied to perform the reentracy attack.Permalinks
https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Libraries/LibSwap.sol#L34
Mitigation
It is recommended to applied a mutex lock or OpenZeppelin's ReentrancyGuard to ensure that the
swap()will not expose to reentracy attack.More Note
I marked this as "Potential" because I spotted this during last 8 hrs of the contest, didn't have much time to conduct a valid proof of concept.