Vulnerability details
The contract calls external hooks within the _removeHooks function without any reentrancy protection, which could be exploited by a malicious hook to re-enter the contract and manipulate its state.
Mitigation
The reentrancy guard can be applied here to protect against reentrancy attacks from hooks.
```solidity
// Use the nonReentrant modifier from the previous mitigation
function _removeHooks(
    Hook[] calldata hooks,
    Item[] calldata rentalItems,
    address rentalWallet
) internal nonReentrant {
    // ... existing code ...
}
```
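As an added illustration (not code from the re-nft repository), the following Solidity sketch shows the guard the mitigation refers to and how it wraps a hook loop; the `IHook` interface, its `onStop` function, the simplified `Hook` struct and the `rentalActive` mapping are assumed placeholders, and the guarded function is shown as an external entry point rather than the page's internal `_removeHooks`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface for an external hook; the name and signature are placeholders,
// not taken from Stop.sol.
interface IHook {
    function onStop(address rentalWallet) external;
}

// Hand-rolled guard equivalent in behaviour to OpenZeppelin's ReentrancyGuard:
// a storage flag set before any external call and cleared after it returns.
abstract contract ReentrancyGuard {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _status = NOT_ENTERED;

    error ReentrantCall();

    modifier nonReentrant() {
        // A nested call that arrives while the flag is still ENTERED reverts here,
        // so a hook cannot re-enter any function of this contract carrying the modifier.
        if (_status == ENTERED) revert ReentrantCall();
        _status = ENTERED;
        _;
        _status = NOT_ENTERED;
    }
}

contract HookCaller is ReentrancyGuard {
    struct Hook { address target; }          // simplified stand-in for the page's Hook type
    mapping(address => bool) public rentalActive; // assumed state the hooks might try to touch

    event HooksRemoved(address indexed rentalWallet, uint256 count);

    // Guarded version of the pattern the finding describes. State is updated before
    // the loop (checks-effects-interactions), and the guard flag stays ENTERED for the
    // whole loop, so every external hook call runs with re-entry blocked.
    function removeHooks(Hook[] calldata hooks, address rentalWallet) external nonReentrant {
        rentalActive[rentalWallet] = false;
        for (uint256 i = 0; i < hooks.length; ++i) {
            IHook(hooks[i].target).onStop(rentalWallet);
        }
        emit HooksRemoved(rentalWallet, hooks.length);
    }
}
```

Because the flag lives in contract storage, the protection only covers entry points that carry the same modifier; a public function without it remains reachable from inside a hook call.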
Impact
Reentrancy attacks can cause unexpected behavior by allowing a potentially malicious contract to regain control during execution and alter the state in unintended ways. By using a nonReentrant modifier, we prevent such attacks by ensuring that no external calls can re-enter the contract's functions until their execution is complete. This is a critical security measure for functions that interact with untrusted contracts or execute external calls.
Lines of code
https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/policies/Stop.sol#L194
Assessed type
Reentrancy