code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-olympus/blob/549b96bcf8b97807738572605f6b1e26b33ef411/src/modules/TRSRY.sol#L105-L119

Vulnerability details

Reentrancy in repayLoan

Impact

token.safeTransferFrom() is called and after that state with the value is calcualted, if token can be a wrong or compromised contract this would lead to a clasic reentrancy attack that would transfer more from the balance than expected

Proof of Concept

[ ] ID-201 Reentrancy in OlympusTreasury.repayLoan(ERC20,uint256): External calls:
- token.safeTransferFrom(msg.sender,address(this),amount) State variables written after the call(s):
- reserveDebt[token_][msg.sender] -= received

src/modules/TRSRY.sol#L105-L119

tools

Slither, manual analysis, surya

Recommended steps

Follow CEI pattern or add a nonReentrant modifier

0xSorryNotSorry commented 2 years ago

safeTransferFrom doesn't trigger a caller fallback.

0xLienid commented 2 years ago

duplicate of #426 and #403 potentially

0xean commented 1 year ago

Closing as invalid. The function is marked already with a non-reentrant modifier.

code-423n4 / 2022-08-olympus-findings

Reentrancy in repayLoan #503