Closed code423n4 closed 2 years ago
Based on the example given, I don't think reentrancy is possible because the primary check (revert if `amount > o.principal` or `amount > o.premium`) and update (`filled[hash] += a;`) still occurs before any transfers are done so even if control is given back to the user, as long as the order isn't completely filled, the user can call the functions again.
agree with @STYJ. Though I could try creating a mock `777` implementation and trying to circumvent the guards in place. Labelling as maybe for now
we don't have any ERC777 in the protocol
we don't have any ERC777 in the protocol
This makes sense to not support ERC777 and I believe this claim is a bit esoteric. That said, the recommendation to protect against reentrancy is sound and perhaps all transfer calls should be moved to the end of the function to follow the Check-Effects-Interaction pattern.
Downgrading to QA.
Warden note the existing use of the `Safe` library too
marking as duplicate of #143 wardens QA report.
Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L311-L334
Vulnerability details
Impact
Allows attacker to sell or buy more tokens than what their counterpart has signed for.
Proof of Concept
If underlying token is ERC777 attacker (`msg.sender`) can take control of execution on `Safe.transferFrom(uToken, o.maker, msg.sender, premiumFilled);` and call `initiate()` again to sell more `nTokens` than what `o.maker` wants to buy within that order (assuming they have enough balance).
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L151-L179
If underlying token is ERC777 attacker (`msg.sender`) can take control of execution on `Safe.transferFrom(uToken, o.maker, msg.sender, principalFilled - a);` and call `exit()` again to buy more `nTokens` than what `o.maker` wants to sell within that order (assuming they have enough balance).
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L280-L304
If underlying token is ERC777 attacker (`msg.sender`) can take control of execution on `Safe.transferFrom(uToken, o.maker, msg.sender, premiumFilled);` and call `exit()` again to sell more `nTokens` than what `o.maker` wants to buy within that order (assuming they have enough balance).
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L311-L334
If underlying token is ERC777 attacker (`msg.sender`) can take control of execution on `Safe.transfer(uToken, msg.sender, premiumFilled - fee);` and call `exit()` again to sell more `nTokens` than what `o.maker` wants to buy within that order (assuming they have enough balance).
https://github.com/code-423n4/2022-07-swivel/blob/daf72892d8a8d6eaa43b9e7d1924ccb0e612ee3c/Swivel/Swivel.sol#L341-L369
Tools Used
Manual Review
Recommended Mitigation Steps
Add a non-reentrant modifier (from OpenZeppelin) to `initiate()` and `exit()`.
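The ordering argument in this thread (check and `filled[hash]` update before the transfer, versus a reentrancy lock) can be checked with a small model. This is an added example, not Swivel's code or part of the original report: `Market`, `fill`, `reenter_once` and `run` are hypothetical names, the hook stands in for an ERC777 receive callback, and the numbers are constructed.

```python
# Toy model of order-fill accounting (constructed; not Swivel's code).
class Revert(Exception):
    pass

class Market:
    def __init__(self, principal, effects_first, guarded=False):
        self.principal = principal          # amount the maker signed for
        self.filled = 0                     # stands in for filled[hash]
        self.paid_out = 0                   # total moved from maker to taker
        self.effects_first = effects_first
        self.guarded, self.locked = guarded, False

    def _transfer(self, amount, hook):
        self.paid_out += amount
        if hook:                            # ERC777-style receive hook: taker gets control
            hook(self)

    def fill(self, a, hook=None):
        if self.guarded and self.locked:    # nonReentrant-style lock
            raise Revert("reentrant call")
        self.locked = True
        try:
            if a + self.filled > self.principal:    # check
                raise Revert("over-fill")
            if self.effects_first:
                self.filled += a                    # effect, then interaction
                self._transfer(a, hook)
            else:
                self._transfer(a, hook)             # interaction, then effect
                self.filled += a
        finally:
            self.locked = False

def reenter_once(a):
    def hook(market):
        try:
            market.fill(a)                  # nested call made from inside the transfer
        except Revert:
            pass                            # nested call reverted; outer fill continues
    return hook

def run(principal, a, **kw):
    m = Market(principal, **kw)
    m.fill(a, hook=reenter_once(a))
    return m.paid_out, m.filled

if __name__ == "__main__":
    for kw in ({"effects_first": True}, {"effects_first": False},
               {"effects_first": False, "guarded": True}):
        print(kw, run(100, 60, **kw))
```

With the effect applied first, a nested call is bounded by the signed amount; only the interaction-first ordering without a lock pays out more than `principal`.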