Lines of code
https://github.com/code-423n4/2023-06-lukso/contracts/LSP17ContractExtension/LSP17Extendable.sol#L73-L108
Vulnerability details
Impact
The potential vulnerability in the _fallbackLSP17Extendable() function lies in its use of inline assembly. Inline assembly allows direct manipulation of low-level operations in Solidity contracts, bypassing some of the built-in security features. This low-level control of contract execution can increase the risk of reentrancy attacks.
Proof of Concept
https://github.com/code-423n4/2023-06-lukso/contracts/LSP17ContractExtension/LSP17Extendable.sol#L97
Tools Used
Manual analysis
Recommended Mitigation Steps
Follow best practices, and consider using higher-level, well-audited libraries or contracts whenever possible.
Assessed type
Reentrancy