Closed code423n4 closed 1 year ago
safeTransferFrom doesn't trigger a caller fallback.
duplicate of #426 and #403 potentially
Closing as invalid. The function is marked already with a non-reentrant modifier.
Lines of code
https://github.com/code-423n4/2022-08-olympus/blob/549b96bcf8b97807738572605f6b1e26b33ef411/src/modules/TRSRY.sol#L105-L119
Vulnerability details
Reentrancy in repayLoan
Impact
token.safeTransferFrom() is called and after that the state with the value is calculated. If the token can be a wrong or compromised contract, this would lead to a classic reentrancy attack that would transfer more from the balance than expected.
Proof of Concept
src/modules/TRSRY.sol#L105-L119
Tools
Slither, manual analysis, surya
Recommended steps
Follow CEI pattern or add a nonReentrant modifier
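Added example, not part of the submission and not code from the Olympus repository: a hypothetical `LoanBook` contract showing the two recommended mitigations side by side when the repaid amount is measured from the balance change. The state write then has to come after the transfer, so the guard is what blocks re-entry. All names are assumptions, and the token is assumed to return a bool from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration: LoanBook and every name in it are hypothetical, not Olympus code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract LoanBook {
    error Reentrant();
    error NotOwner();
    error NoDebtOutstanding();
    error TransferFailed();

    address public immutable owner = msg.sender;
    mapping(IERC20 => mapping(address => uint256)) public debt;
    uint256 private locked = 1; // 1 = idle, 2 = inside a guarded call

    // Any nested call into a guarded function reverts while the outer call runs.
    modifier nonReentrant() {
        if (locked != 1) revert Reentrant();
        locked = 2;
        _;
        locked = 1;
    }

    // Assumed bookkeeping entry point; guarded so it cannot run inside repay().
    function recordDebt(IERC20 token, address debtor, uint256 amount) external nonReentrant {
        if (msg.sender != owner) revert NotOwner();
        debt[token][debtor] += amount;
    }

    function repay(IERC20 token, uint256 amount) external nonReentrant {
        // Check: nothing to repay means nothing to transfer.
        if (debt[token][msg.sender] == 0) revert NoDebtOutstanding();

        // Interaction: the token is external code and may try to call back in.
        uint256 beforeBal = token.balanceOf(address(this));
        if (!token.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        uint256 received = token.balanceOf(address(this)) - beforeBal;

        // Effect: credit only what arrived; checked arithmetic reverts on overpayment.
        debt[token][msg.sender] -= received;
    }
}
```

The guard protects the accounting only if every function that writes `debt` carries it, which is why `recordDebt` is guarded as well.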