Closed code423n4 closed 1 year ago
Can be QA if Lack of complete exploit path in the report
dmvt marked the issue as primary issue
Can be QA if Lack of complete exploit path in the report
We, wardens, should not make comments that will influence the judges' decisions. Judges will make the right decision
The linked code is a library function. Reentrancy protection is present on the actual function which is called by the end user here: https://github.com/code-423n4/2022-11-paraspace/blob/3e4e2e4e1322482dcdc6d342f8799cd44a3e42f5/paraspace-core/contracts/protocol/pool/PoolMarketplace.sol#L115
dmvt marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2022-11-paraspace/blob/main/paraspace-core/contracts/protocol/libraries/logic/MarketplaceLogic.sol#L229-L265
Vulnerability details
Impact
if the mint was initiated by a contract, then the contract is checked for its ability to receive ERC721 tokens. Without reentrancy guard, onERC721Received will allow an attacker controlled contract to call the mint again, which may not be desirable to some parties, like allowing minting more than allowed. https://www.paradigm.xyz/2021/08/the-dangers-of-surprising-code
executeAcceptBidWithCredit
has internal function_acceptBidWithCredit
;MarketplaceLogic.sol#L247
_acceptBidWithCredit
has internal function_repay
;MarketplaceLogic.sol#L353
_repay
has internal function_transferAndCollateralize
;MarketplaceLogic.sol#L503
_transferAndCollateralize
function useIERC721.safeTransferFrom
and this function has re-entrancy vulnerabilityMarketplaceLogic.sol#L593
Recommended Mitigation Steps
Use Openzeppelin or Solmate Re-Entrancy pattern Here is a example of a re-entrancy guard;