hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f


Missing nonReentrant modifier on a state changing `VotingEscrowUpgradeable.checkpoint()` function #44

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @0xRizwan

Twitter username: 0xRizwann

Submission hash (on-chain): 0xe6da78ec390d7752625af1732d9b3e8e8d2677a1a8b1a77d1e87ba137342af1d

Severity: low

Description:

The `VotingEscrowUpgradeable.checkpoint()` function will call the internal `_checkpoint()` function, which ultimately fills the point history and potentially updates the epoch state variable.

    function checkpoint() external {
        _checkpoint(0, LockedBalance(0, 0), LockedBalance(0, 0));
    }

    function _checkpoint(uint _tokenId, LockedBalance memory old_locked, LockedBalance memory new_locked) internal {
        // . . . some code
    }

Therefore, it is recommended to add the `nonReentrant` modifier to the `VotingEscrowUpgradeable.checkpoint()` function.

Recommendations


-    function checkpoint() external {
+    function checkpoint() external nonReentrant {
        _checkpoint(0, LockedBalance(0, 0), LockedBalance(0, 0));
    }
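
Review bot: the `nonReentrant` added to `checkpoint()` is not justified by anything visible in this hunk: the function takes no arguments and only forwards to `_checkpoint(0, LockedBalance(0, 0), LockedBalance(0, 0))`, and no external call is shown on that path. Please point to the external call inside `_checkpoint` (its body is elided in the report) that would allow re-entry, or add a comment stating that the modifier is purely defensive. Also confirm that the contract already inherits the guard that defines `nonReentrant`, and that no function already holding the guard reaches `checkpoint()` through an external self-call, since such a call would revert once this modifier is in place.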

Reference:

This is referenced from this issue found in the Velodrome audit at Spearbit.
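
A way to triage a contract for this class of finding, as an added example that is not part of the original report or the Fenix code base: a heuristic Python scan that lists external/public, non-view functions declared without a given guard modifier. The sample contract is constructed; `guarded` and `epochView` are hypothetical names, and the regex-based parsing is an assumption that covers ordinary function headers only.

```python
import re

# Constructed sample: checkpoint()/_checkpoint() headers as quoted in the report;
# guarded() and epochView() are hypothetical names added for contrast.
SAMPLE = """
contract VotingEscrowSample {
    function checkpoint() external {
        _checkpoint(0, LockedBalance(0, 0), LockedBalance(0, 0));
    }
    function _checkpoint(uint _tokenId, LockedBalance memory old_locked,
                         LockedBalance memory new_locked) internal {
    }
    function guarded() external nonReentrant {
    }
    function epochView() external view returns (uint) {
        return epoch;
    }
}
"""

# Name, parameter list, then everything up to the opening "{" of the body.
# Bodiless declarations (interfaces) end in ";" and are therefore skipped.
HEADER = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def unguarded_entry_points(source, guard="nonReentrant"):
    """Names of external/public, non-view/pure functions declared without `guard`."""
    hits = []
    for match in HEADER.finditer(COMMENTS.sub("", source)):
        name, _params, tail = match.groups()
        # Ignore the returns(...) clause so return types are not read as modifiers.
        words = set(re.findall(r"\w+", tail.split("returns")[0]))
        callable_from_outside = bool(words & {"external", "public"})
        read_only = bool(words & {"view", "pure"})
        if callable_from_outside and not read_only and guard not in words:
            hits.append(name)
    return hits


if __name__ == "__main__":
    print(unguarded_entry_points(SAMPLE))
```

A hit is a candidate for manual review, not proof of a reentrancy path: the function still has to reach an external call before a guard changes its behaviour.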

BohdanHrytsak commented 4 months ago

Thank you for the submission.

duplicate: #31