search

code-423n4 / 2022-03-lifinance-findings

6 stars 4 forks source link

There is a potential reentrancy attack in the AnyswapFacet contract. #94

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/AnyswapFacet.sol#L74-L123

Vulnerability details

Impact

Attacker can custom construct a malicious transferFrom function of ERC20 contract to perform a reentrancy attack on the startBridgeTokensViaAnyswap contract.

Proof of Concept

The startBridgeTokensViaAnyswap function does not perform a whitelist judgment on the input token address. Moreover, the contract does not have a reentrancy lock. An attacker can maliciously construct the transferFrom function of the ERC20 contract and conduct a reentrancy attack from LibAsset.transferFromERC20.

Tools Used

Recommended Mitigation Steps

H3xept commented 2 years ago

Duplicate of #109

gzeoneth commented 2 years ago

While the reentrancy is valid there are no exploit, changing to Med Risk.