code-423n4 / 2022-12-tigris-findings


SWC-107 Reentrancy CWE-841 Improper Enforcement of Behavioral Workflow #122

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L163

Vulnerability details

Impact

A reentrancy vulnerability can call the fallback function for cancelLimitOrder.

Potential violation of Checks-Effects-Interaction pattern in Trading.initiateMarketOrder(struct ITrading.TradeInfo,struct PriceData,bytes,struct ITrading.ERC20PermitData,address): Could potentially lead to re-entrancy vulnerability.

Proof of Concept

Attack code can be found at: https://github.com/gbadebosmith/ouch/blob/main/AttackTrading.sol

Victim code can be found at: https://github.com/gbadebosmith/ouch/blob/main/Trading.sol

Tools Used

Remix IDE

Recommended Mitigation Steps
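The finding above names the Checks-Effects-Interactions (CEI) pattern without showing what a violation looks like. The contracts below are an added illustration written for this page; they are not the warden's PoC, not Tigris code, and make no claim that Trading.initiateMarketOrder or cancelLimitOrder actually has this defect. All names (OrderBookUnsafe, OrderBookSafe, placeOrder, cancelOrder, margin) are hypothetical. The first contract refunds margin before clearing the order, so a receiving contract's receive/fallback runs while the order still exists; the second moves the state changes ahead of the external call and adds a reentrancy guard as defence in depth.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration of the Checks-Effects-Interactions pattern.
// Hypothetical contract, not Tigris's Trading.sol.

// Version A: CEI violated. The refund (interaction) happens before the
// order is deleted (effect). If msg.sender is a contract, its receive()
// executes mid-function while owner[id] and margin[id] are still set,
// which is the condition a reviewer should flag.
contract OrderBookUnsafe {
    mapping(uint256 => address) public owner;
    mapping(uint256 => uint256) public margin;
    uint256 public nextId;

    function placeOrder() external payable returns (uint256 id) {
        id = nextId++;
        owner[id] = msg.sender;
        margin[id] = msg.value;
    }

    function cancelOrder(uint256 id) external {
        require(owner[id] == msg.sender, "not owner");          // check
        (bool ok, ) = msg.sender.call{value: margin[id]}("");   // interaction (too early)
        require(ok, "refund failed");
        delete owner[id];                                       // effects (too late)
        delete margin[id];
    }
}

// Version B: same behaviour with effects before the interaction, plus an
// explicit mutex so any re-entry into cancelOrder reverts regardless of
// ordering mistakes elsewhere in the contract.
contract OrderBookSafe {
    mapping(uint256 => address) public owner;
    mapping(uint256 => uint256) public margin;
    uint256 public nextId;

    // 1 = unlocked, 2 = locked (non-zero values keep SSTORE costs even)
    uint256 private locked = 1;

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    function placeOrder() external payable returns (uint256 id) {
        id = nextId++;
        owner[id] = msg.sender;
        margin[id] = msg.value;
    }

    function cancelOrder(uint256 id) external nonReentrant {
        require(owner[id] == msg.sender, "not owner");          // check
        uint256 refund = margin[id];
        delete owner[id];                                       // effects first
        delete margin[id];
        (bool ok, ) = msg.sender.call{value: refund}("");       // interaction last
        require(ok, "refund failed");
    }
}
```

When reviewing a function like initiateMarketOrder, the question to ask is the one this pair makes concrete: between the `require` checks and the last storage write, is there any external call (token transfer, ETH send, callback into a user-supplied address)? If so, either reorder so every storage write precedes the call, or gate the function with a guard, and ideally both. A report that names the exact call site and the state it observes mid-call is what the judge asked for below.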

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient quality

GalloDaSballo commented 1 year ago

Not sufficient to point to a vulnerability, you must show POC and impact