Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/periphery/LendgineRouter.sol#L87
Vulnerability details
Impact
Detailed description of the impact of this finding.
No protection against reentrancy attacks, for example, the pay function called in the mintCallback function does not check for reentrancy before performing an external call.
No checking of return values of external calls made in the contract, which can lead to unintended behavior if an external contract unexpectedly reverts or throws an exception.
No emergency stop mechanism is present in the contract, which makes it vulnerable to potential malicious attacks.
Unvalidated user inputs, for example, the LendgineAddress.computeAddress function is not validated to ensure that the computed address is a valid contract.
No value overflow protection for arithmetic operations, for example, the SafeCast.toInt256 function that is used in the mintCallback function can result in unexpected behavior if it overflows.