missing reentrency guard

Summary

In the contract GSPTrader.sol, The nonReentrant keyword is used Without any proper imports from openzepplin or modifier,

Vulnerability Detail

In the GSPTrader contract the sellBase , sellQuote and flashLoan function have nonReentrant modifier but the openzepplin reentrency guard is not imported. While Solidity 0.8.16 introduced a built-in reentrancy guard, it's still recommended to use OpenZeppelin's ReentrancyGuard in most cases. Here's why:

OpenZeppelin's implementation works seamlessly across different Solidity versions, ensuring consistent protection even in older codebases.
It maintains a consistent approach to reentrancy protection across your contracts, promoting code readability and maintainability.
OpenZeppelin's version offers a nonReentrant modifier with a notice parameter for logging reentrancy attempts, aiding in debugging and monitoring.
OpenZeppelin's library can be easily upgraded to incorporate future improvements or address any discovered vulnerabilities, ensuring continuous security.
Using OpenZeppelin's well-tested and widely adopted library aligns with industry best practices, fostering confidence in code security.

Impact

Loss/Sealing of funds due to Reentrecny attacks

Code Snippet

https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L40 https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L79 https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L127

Tool used

Manual Review

Recommendation

Use OpenZepplin's ReentrancyGuard to protect from reentrency attacks .

Duplicate of #147

sherlock-audit / 2023-12-dodo-gsp-judging

0xBhumii - missing reentrency guard #163