code-423n4 / 2023-06-lukso-findings

LSP17Extendable._fallbackLSP17Extendable() uses assembly - INLINE ASM #58

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/contracts/LSP17ContractExtension/LSP17Extendable.sol#L73-L108

Vulnerability details

Impact

The potential vulnerability in the _fallbackLSP17Extendable() function lies in the usage of inline assembly. Inline assembly allows direct manipulation of low-level operations in Solidity contracts, bypassing some of the built-in security features. Inline assembly allows for low-level control of contract execution, which can increase the risk of reentrancy attacks.

Proof of Concept

https://github.com/code-423n4/2023-06-lukso/contracts/LSP17ContractExtension/LSP17Extendable.sol#L97

Tools Used

Manual analysis

Recommended Mitigation Steps

Follow best practices, and consider using higher-level, well-audited libraries or contracts whenever possible.

Assessed type

Reentrancy

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

minhquanym commented 1 year ago

Spam

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid