In the contract GSPTrader.sol, The nonReentrant keyword is used Without any proper imports from openzepplin or modifier,
Vulnerability Detail
In the GSPTrader contract the sellBase , sellQuote and flashLoan function have nonReentrant modifier but the openzepplin reentrency guard is not imported.
While Solidity 0.8.16 introduced a built-in reentrancy guard, it's still recommended to use OpenZeppelin's ReentrancyGuard in most cases. Here's why:
OpenZeppelin's implementation works seamlessly across different Solidity versions, ensuring consistent protection even in older codebases.
It maintains a consistent approach to reentrancy protection across your contracts, promoting code readability and maintainability.
OpenZeppelin's version offers a nonReentrant modifier with a notice parameter for logging reentrancy attempts, aiding in debugging and monitoring.
OpenZeppelin's library can be easily upgraded to incorporate future improvements or address any discovered vulnerabilities, ensuring continuous security.
Using OpenZeppelin's well-tested and widely adopted library aligns with industry best practices, fostering confidence in code security.
0xBhumii
medium
missing reentrency guard
Summary
In the contract
GSPTrader.sol
, ThenonReentrant
keyword is used Without any proper imports from openzepplin or modifier,Vulnerability Detail
In the
GSPTrader
contract thesellBase
,sellQuote
andflashLoan
function havenonReentrant
modifier but the openzepplin reentrency guard is not imported. While Solidity 0.8.16 introduced a built-in reentrancy guard, it's still recommended to use OpenZeppelin's ReentrancyGuard in most cases. Here's why:Impact
Loss/Sealing of funds due to Reentrecny attacks
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L40 https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L79 https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L127
Tool used
Manual Review
Recommendation
Use OpenZepplin's ReentrancyGuard to protect from reentrency attacks .
Duplicate of #147