finalizeInboundTransfer() may be attacked in reentrant ways.
Proof of Concept
finalizeInboundTransfer() is supposed to transfer token from escrow contract to _to address. However, this function is not protected with NonReentrant modifier. So if the _to address or other parties implemented malicious logic to perform reentrance attack, it may drain out the token in the escrow address.
Tools Used
Recommended Mitigation Steps
Add NonReentrant modifier to the function signature, as shown below.
function finalizeInboundTransfer(
) external payable override notPaused onlyL2Counterpart nonReentrant{
Lines of code
https://github.com/code-423n4/2022-10-thegraph/blob/309a188f7215fa42c745b136357702400f91b4ff/contracts/gateway/L1GraphTokenGateway.sol#L269
Vulnerability details
Impact
finalizeInboundTransfer() may be attacked in reentrant ways.
Proof of Concept
finalizeInboundTransfer() is supposed to transfer token from escrow contract to _to address. However, this function is not protected with NonReentrant modifier. So if the _to address or other parties implemented malicious logic to perform reentrance attack, it may drain out the token in the escrow address.
Tools Used
Recommended Mitigation Steps
Add NonReentrant modifier to the function signature, as shown below.
function finalizeInboundTransfer( ) external payable override notPaused onlyL2Counterpart nonReentrant{