code-423n4 / 2023-04-frankencoin-findings


ERC777 Re-entrancy Risk #962

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/MintingHub.sol#L142

Vulnerability details

Impact

The code does not screen out tokens that use the ERC777 standard and therefore presents a re-entrancy risk via the token's callback function.

Proof of Concept

https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/MintingHub.sol#L142

Tools Used

Manual

Recommended Mitigation Steps

Add a re-entrancy lock to the function.
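As an added example (not code from the Frankencoin repository, and not a claim about the referenced MintingHub line, which the sponsor and judge assess in the comments that follow), here is a minimal Solidity contract showing the mitigation the report recommends: a re-entrancy lock around any function that moves tokens, combined with checks-effects-interactions ordering. The reason the lock matters for ERC777 is that its `tokensToSend` and `tokensReceived` hooks run on the sender and recipient during every transfer, including the ERC20-compatible `transfer`/`transferFrom`, so the token call can hand control back to a caller mid-function. The contract name and functions (`CollateralHubExample`, `deposit`, `withdraw`) are hypothetical; the `IERC20` interface is the standard one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Frankencoin code. Standard ERC20 surface used below.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract CollateralHubExample {
    IERC20 public immutable collateral;            // token held as collateral (may be ERC777)
    mapping(address => uint256) public deposited;  // per-user balance tracked by this contract

    // Mutex state for the re-entrancy lock: 1 = free, 2 = entered.
    uint256 private _status = 1;

    modifier nonReentrant() {
        // A nested call arriving through a token hook sees _status == 2 and reverts.
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    constructor(IERC20 token) {
        collateral = token;
    }

    // Checks-effects-interactions: the balance is credited before the external
    // transferFrom, which for an ERC777 token invokes the sender's tokensToSend
    // hook and this contract's tokensReceived hook (if registered).
    function deposit(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");
        deposited[msg.sender] += amount;
        require(collateral.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Balance is debited before the outbound transfer, so even if the recipient's
    // tokensReceived hook re-enters (blocked by the lock anyway), the accounting
    // already reflects the withdrawal and cannot be drained twice.
    function withdraw(uint256 amount) external nonReentrant {
        uint256 bal = deposited[msg.sender];
        require(amount <= bal, "insufficient balance");
        deposited[msg.sender] = bal - amount;
        require(collateral.transfer(msg.sender, amount), "transfer failed");
    }
}
```

In a real codebase the hand-rolled mutex would normally be replaced by OpenZeppelin's `ReentrancyGuard` and its `nonReentrant` modifier, which implements the same status-flag pattern; the ordering of state writes before external token calls is the part that still has to be reviewed by hand for each function.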

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as low quality report

0xA5DF commented 1 year ago

Warden didn't demonstrate how reentrancy can be used here. The line the warden is pointing to doesn't have any valid reentrancy issue AFAIK (there are other valid reentrancy issues, but not in that line)

luziusmeisser commented 1 year ago

Yes, I would give the credit to the other report mentioning ERC777. This one does not point to a valid weakness.

c4-sponsor commented 1 year ago

luziusmeisser marked the issue as sponsor disputed

c4-judge commented 1 year ago

hansfriese marked the issue as unsatisfactory: Invalid