Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, insufficient proof that reentrancy can occur. You cannot reenter a standard ERC20 transfer. Additionally, agree with the sponsor's comments:
sendCollateral is guarded to be called only by modules, and all of the calling functions are guarded with a nonReentrant modifier
cheatcode
medium
Reentrancy Vulnerability in FlatcoinVault Contract
Summary
The sendCollateral function in FlatcoinVault is vulnerable to reentrancy attacks because it calls external contracts without checks. This could allow attackers to drain funds or manipulate state.

Impact
The impact of this vulnerability is high. A successful exploit could:
Exploit Scenario
An example exploit scenario:
FlatcoinVault calls sendCollateral to pay out collateral to the malicious contract
sendCollateral
Vulnerable Code
The vulnerability arises from sendCollateral calling external contracts without checks:

Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L138
Recommended Mitigation
To mitigate this, sendCollateral should apply a reentrancy guard or follow the Checks-Effects-Interactions pattern, e.g.:

This would prevent reentrant calls, fixing the vulnerability.
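As an added illustration of the two protections named in the judging comment and the mitigation above (a module-only guard plus a nonReentrant modifier, with accounting updated before the token transfer), here is a hypothetical vault sketch. It is not FlatcoinVault's code; the contract name, the isAuthorizedModule mapping and the totalCollateral counter are assumptions made for the example, and the OpenZeppelin imports are the standard library paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Hypothetical sketch for illustration; not the FlatcoinVault implementation.
contract CollateralVaultSketch is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable collateral;
    // Assumed: registry of modules allowed to move collateral out of the vault.
    mapping(address => bool) public isAuthorizedModule;
    // Assumed: vault-level accounting of collateral held.
    uint256 public totalCollateral;

    // Only registered modules may trigger a payout (the "guarded to be called
    // only by modules" property from the sponsor's comment).
    modifier onlyAuthorizedModule() {
        require(isAuthorizedModule[msg.sender], "caller is not a module");
        _;
    }

    constructor(IERC20 _collateral) {
        collateral = _collateral;
    }

    // nonReentrant blocks any re-entry into this function while it executes.
    function sendCollateral(address to, uint256 amount)
        external
        onlyAuthorizedModule
        nonReentrant
    {
        // Checks: validate before touching state or calling out.
        require(to != address(0), "zero recipient");
        require(amount <= totalCollateral, "insufficient collateral");

        // Effects: update internal accounting before the external call, so a
        // hypothetical re-entrant caller would already see the reduced balance.
        totalCollateral -= amount;

        // Interactions: the external token call comes last. For a standard
        // ERC20 this transfer hands no execution to the recipient.
        collateral.safeTransfer(to, amount);
    }
}
```

The ordering inside sendCollateral is the Checks-Effects-Interactions pattern; the two modifiers are what the judging comment says the real vault already has.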