unRekt - `_checkReentrancyContext()` lacks implementation and doesn't checks for reentrancy anywhere.

[sherlock-admin4]

unRekt

Medium

_checkReentrancyContext() lacks implementation and doesn't checks for reentrancy anywhere.

Summary

_checkReentrancyContext() lacks implementation

Vulnerability Detail

The _checkReentrancyContext() in BaseStrategyVault.sol (out of scope)

    function _checkReentrancyContext() internal virtual;

Is marked virtual and lacks implementation, which means if BaseStrategyVault.sol is inherited by other contracts the _checkReentrancyContext() can be overriden and the implementation can be defined. But every contract which inheriting BaseStrategyVault.sol directly or indirectly do not have _checkReentrancyContext() implementation.

BaseStakingVault inherits BaseStrategyVault -> _checkReentrancyContext() EthenaVault inherits BaseStakingVault -> function _checkReentrancyContext() internal override { /* NO-OP */ } EtherFiVault inherits BaseStakingVault -> function _checkReentrancyContext() internal override {// NO-OP} PendlePrincipalToken inherits BaseStakingVault -> function _checkReentrancyContext() internal override {// NO-OP} and other contracts(out of scope).

Impact

As the name of the function suggests, it is meant to check for reentrancy, but if the function is not implemented properly then the checks will not happen. And it can lead to vulnerabilities under the hood.

Code Snippet

https://github.com/sherlock-audit/2024-06-leveraged-vaults/blob/14d3eaf0445c251c52c86ce88a84a3f5b9dfad94/leveraged-vaults-private/contracts/vaults/common/BaseStrategyVault.sol#L157

Tool used

Manual Review

Recommendation

Implement the _checkReentrancyContext() function properly.

[sherlock-admin3]

1 comment(s) were left on this issue during the judging contest.

0xmystery commented:

Low/QA at most