sherlock-audit / 2023-12-dodo-judging


FaisalAli - [N-01] The `nonReentrant` `modifier` should occur before all other modifiers #1

Closed sherlock-admin closed 8 months ago

sherlock-admin commented 8 months ago

FaisalAli

medium

[N-01] The nonReentrant modifier should occur before all other modifiers

Summary

This is a best practice to protect against reentrancy in other modifiers.

Vulnerability Detail

When developing smart contracts in Solidity, prioritizing security is crucial to prevent vulnerabilities like reentrancy attacks. These attacks exploit a contract's recursive behavior to manipulate it and potentially drain funds. To address this, the nonReentrant modifier is commonly employed as a protective measure, acting as a lock to prevent recursive function calls during execution. To ensure its effectiveness, it is essential to place the nonReentrant modifier at the beginning of a function, before any other modifiers, to prevent bypassing of the reentrancy protection.

Impact

While there is no obvious vulnerability currently with nonReentrant not being the first modifier in the list, it is safer to place it first.

Code Snippet

Tool used

Manual Review

Recommendation

It is recommended to place the nonReentrant modifier at the beginning of a function, before any other modifiers.
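
The ordering point in the submission above, as an added Solidity example (not code from the audited repository or from the submitter): modifiers run left to right, so a lock listed second is not yet held while an earlier modifier makes an external call. The `IGate` interface, the `Vault` contract and all function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Constructed example: IGate, Vault and every function name are hypothetical.
interface IGate {
    // Called from inside a modifier; the callee may be untrusted code.
    function isAllowed(address caller) external returns (bool);
}

contract Vault {
    bool private _locked;
    IGate public immutable gate;
    mapping(address => uint256) public balances;

    constructor(IGate gate_) { gate = gate_; }

    // Minimal reentrancy lock, the same idea as OpenZeppelin's ReentrancyGuard.
    modifier nonReentrant() {
        require(!_locked, "reentrant call");
        _locked = true;
        _;
        _locked = false;
    }

    // Hands control to another contract before the function body runs.
    modifier onlyAllowed() {
        require(gate.isAllowed(msg.sender), "not allowed");
        _;
    }

    function deposit() external payable nonReentrant { balances[msg.sender] += msg.value; }

    // Order the finding flags: onlyAllowed runs first, so gate.isAllowed()
    // executes before the lock is taken and may re-enter guarded functions.
    function withdrawLateLock(uint256 amount) external onlyAllowed nonReentrant {
        _withdraw(amount);
    }

    // Recommended order: the lock is held while every later modifier runs, so
    // a call back into a nonReentrant function from gate.isAllowed() reverts.
    function withdraw(uint256 amount) external nonReentrant onlyAllowed {
        _withdraw(amount);
    }

    function _withdraw(uint256 amount) private {
        balances[msg.sender] -= amount; // effects before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

When no earlier modifier makes an external call, both orders behave the same, which matches the submission's statement that there is no obvious vulnerability currently.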

nevillehuang commented 8 months ago

Invalid, informational finding with no real fund loss/DoS/core contract functionality impact.