Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/AnyswapFacet.sol#L74-L123
Vulnerability details
Impact
An attacker can construct an ERC20 contract with a malicious transferFrom function to perform a reentrancy attack on startBridgeTokensViaAnyswap.
Proof of Concept
The startBridgeTokensViaAnyswap function does not check the input token address against a whitelist, and the contract has no reentrancy lock. An attacker can supply an ERC20 contract with a malicious transferFrom function and re-enter the contract from LibAsset.transferFromERC20.
Tools Used
Recommended Mitigation Steps
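The two controls the finding reports as missing, a token whitelist check and a reentrancy lock, shown on a standalone entry point. This is an added example, not code from the report or from the LiFi repository; `GuardedBridgeEntry`, `startBridge`, `setAllowedToken` and the event and error names are hypothetical, and it assumes tokens whose `transferFrom` returns a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Added illustration: hypothetical contract, not LiFi's AnyswapFacet.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract GuardedBridgeEntry {
    address public immutable owner;
    mapping(address => bool) public allowedToken; // whitelist of token contracts
    uint256 private _status = 1;                  // 1 = idle, 2 = entered

    event BridgeStarted(address indexed sender, address indexed token, uint256 amount);
    error TokenNotAllowed(address token);
    error Reentrancy();
    error NotOwner();
    error AmountMismatch();

    constructor() { owner = msg.sender; }

    // Reentrancy lock: a nested call into any guarded function reverts.
    modifier nonReentrant() {
        if (_status == 2) revert Reentrancy();
        _status = 2;
        _;
        _status = 1;
    }

    function setAllowedToken(address token, bool allowed) external {
        if (msg.sender != owner) revert NotOwner();
        allowedToken[token] = allowed;
    }

    function startBridge(address token, uint256 amount) external nonReentrant {
        // Whitelist check happens before any call into the token's code.
        if (!allowedToken[token]) revert TokenNotAllowed(token);

        uint256 balanceBefore = IERC20(token).balanceOf(address(this));
        // External call: a callback made from inside transferFrom hits the lock.
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        // Credit only what actually arrived, measured by balance delta.
        uint256 received = IERC20(token).balanceOf(address(this)) - balanceBefore;
        if (received != amount) revert AmountMismatch();

        emit BridgeStarted(msg.sender, token, received);
    }
}
```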