An attacker could call getPriceAndFee() multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic.
Proof of Concept
getPriceAndFee() loops through share amounts calculating cumulative prices and fees without enforced atomicity.
Lines of code
https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/bonding_curve/LinearBondingCurve.sol#L14-L25
Vulnerability details
Impact
An attacker could call getPriceAndFee() multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic.
Proof of Concept
getPriceAndFee() loops through share amounts calculating cumulative prices and fees without enforced atomicity.
An attacker could:
For example, incrementing the amount between calls to deduce pricing formula.
Tools Used
Manual Review
Recommended Mitigation Steps
Implement reentrancy guard modifier like nonReentrant
Assessed type
Reentrancy