Closed: sherlock-admin3 closed this issue 5 months ago
2 comment(s) were left on this issue during the judging contest.
0xmystery commented:
invalid because no hook is entailed and POC is deficient of actual/concrete proof
0xreadyplayer1 commented:
According to contest Readme
Any bridging related code is considered out of scope
and the issue is invalid.
d43mon
medium
Reentrancy in SophonFarming::bridgepool
Summary
Reentrancy in SophonFarming::bridgepool
Vulnerability Detail
There could be a possible reentrancy attack in SophonFarming::bridgepool() function.
In order to attack this function: deposit() function which could be attacked causing the deposit of unwanted lptokens in the farm leading to excessive amounts of funds flowing in the contract.
Impact
The flow of excessive funds could lead to wrong calculation of userInfo rewards calculation. Due to increase in the tokens lpsupply increases which in turn leads to decrease in the accPointsPerShare. Hence the users will receive less reward than the actual.
pool.accPointsPerShare = pointReward/lpSupply + pool.accPointsPerShare;
Code Snippet
Link to the code snippet:
https://github.com/sherlock-audit/2024-05-sophon/blob/main/farming-contracts/contracts/farm/SophonFarming.sol#L766
Tool used
Manual Review
Recommendation
CEI should be applied
isBridged (isBridged[_pid] = true;) should be updated beforehand