'correctRState' is not marked with nonReentrant, leading to potential ReadOnly-like reentrancy attacks on protocols that can possibly depend on DODO data. Protocol itslef in not affected.
Vulnerability Detail
'correctRState' can lead to change of state and is not nonReentrant, allowing to change state for _BASE_TARGET_ and _QUOTE_TARGET_ variables. These variable are used in formulas for price impact and calculations and are accessible outside. Combined with flash-loan capability or ERC777-like compatible tokens, this can lead to potential "ReadOnly"-like reentrancy threats.
Impact
MEDIUM - it doesn't not seem that protocol itself if affected - only potential integrations.
OrderSol
medium
Cross-contract reentrancy via correctRState
Summary
'correctRState' is not marked with
nonReentrant
, leading to potential ReadOnly-like reentrancy attacks on protocols that can possibly depend on DODO data. Protocol itslef in not affected.Vulnerability Detail
'correctRState' can lead to change of state and is not
nonReentrant
, allowing to change state for_BASE_TARGET_
and_QUOTE_TARGET_
variables. These variable are used in formulas for price impact and calculations and are accessible outside. Combined with flash-loan capability or ERC777-like compatible tokens, this can lead to potential "ReadOnly"-like reentrancy threats.Impact
MEDIUM - it doesn't not seem that protocol itself if affected - only potential integrations.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPVault.sol#L140
Tool used
Manual review
Recommendation
Add
nonReentrant
modifier to the function.