Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Factory.sol#L2
Vulnerability details
Impact
Detailed description of the impact of this finding.
There is no protection against reentrancy attacks, which could allow an attacker to exploit the contract's logic by calling functions in the contract before the original call is completed.
Proof of Concept
To demonstrate the high-level vulnerability: a malicious contract calls the createLendgine function, and inside the Lendgine contract, the malicious contract is called again. This can be done until the contract runs out of gas, effectively freezing the contract and its funds.