Closed sherlock-admin closed 1 year ago
pzeus
high
There is an issue of reentrancy exploit
There is a potential of reentering the function since we do not know the implementation of the ERC token and we are making an external call to it
Could end up with stolen user's or protocol's funds
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L213
Manual Review
I would recommend the usage of nonReentrant guard from OpenZeppelin framework or some other custom implementation preventing this
pzeus
high
Potential reentrancy attack
Summary
There is an issue of reentrancy exploit
Vulnerability Detail
There is a potential of reentering the function since we do not know the implementation of the ERC token and we are making an external call to it
Impact
Could end up with stolen user's or protocol's funds
Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/Stream.sol#L213
Tool used
Manual Review
Recommendation
I would recommend the usage of nonReentrant guard from OpenZeppelin framework or some other custom implementation preventing this