SunSec
high
_modifyPosition() ERC777 re-enter to steal funds
Summary
Vulnerability Detail
The contract's _modifyPosition function is vulnerable to reentrancy attacks if the collateralToken being used is an ERC777 token.
The reentrancy vulnerability in the _modifyPosition function could allow an attacker to call the function repeatedly before the previous calls have finished executing, potentially leading to unexpected behavior and/or financial losses.
Impact
Code Snippet
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L310-L319
Tool used
Manual Review
Recommendation
Add reentrancy protection to the modifyPosition() function.
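One way to apply this recommendation, shown as an added example that is not code from the Taurus repository: a reentrancy lock on the position-changing entry point, with collateral accounting ordered so recorded balances never run ahead of tokens actually held. The contract name `GuardedVault`, the `modifyPosition(uint256, bool)` signature and the `userCollateral` mapping are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// ERC20 surface used by the vault. An ERC777 token answers the same calls but
// also invokes tokensToSend / tokensReceived hooks on the sender / recipient.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault for illustration; names and signatures are assumptions.
contract GuardedVault {
    IERC20 public immutable collateralToken;
    mapping(address => uint256) public userCollateral;
    uint256 private _status = 1; // 1 = idle, 2 = a guarded call is in progress

    error ReentrantCall();
    error InsufficientCollateral();
    error TransferFailed();

    constructor(IERC20 token) { collateralToken = token; }

    // Rejects any nested call that arrives while a guarded function is running.
    modifier nonReentrant() {
        if (_status == 2) revert ReentrantCall();
        _status = 2;
        _;
        _status = 1;
    }

    // A token hook that calls back into the vault mid-transfer hits the lock and reverts.
    function modifyPosition(uint256 amount, bool deposit) external nonReentrant {
        if (deposit) {
            // Pull tokens first, credit after: no credit exists while the hook runs.
            if (!collateralToken.transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
            userCollateral[msg.sender] += amount;
        } else {
            if (userCollateral[msg.sender] < amount) revert InsufficientCollateral();
            // Debit before sending: the hook sees the already-reduced balance.
            userCollateral[msg.sender] -= amount;
            if (!collateralToken.transfer(msg.sender, amount)) revert TransferFailed();
        }
    }
}
```

The same modifier has to cover every external function that reads or writes the position state, otherwise a hook can re-enter through an unguarded sibling function.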