sherlock-audit / 2024-06-makerdao-endgame-judging


0xaliyah - h-03 reentrancy with theft of funds 0xaliyah #16

Closed sherlock-admin2 closed 1 month ago

sherlock-admin2 commented 1 month ago

0xaliyah

High

h-03 reentrancy with theft of funds 0xaliyah

Summary

  1. While the temporary variable `balance` at L197 is the misinformation toward the effect at L201
  2. While the temporary variable `balance` at L197 is the lagging indication toward the effect at L201, if the msg.sender address made any withdrawal or any transferFrom in a way that induced that reentry
  3. L197 is the lagging indication
  4. The msg.sender address made a withdrawal when the transfer function gave up control to the attacker at L197
  5. Given that msg.sender is now emptied since the capture at L197, and L197 is now stale, L201 gives the msg.sender address a free increment

Vulnerability Detail

  1. Recipients of a free balance increment may be found

Impact

  1. High impact + high likelihood (OWASP)

Code Snippet

PoC

Tool used

Manual Review

Recommendation

Checks-effects-interactions (Will Shahda)

Duplicate of #14
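The pattern the report describes (a balance cached into a local, an external transfer that hands control to the caller, and a state write made from the stale cached value) beside its checks-effects-interactions ordering, as an added illustration. This is hypothetical example code written for this page, not the audited project's contracts: the `HookedToken`, `VaultVulnerable`, `VaultFixed` and `Attacker` contracts, their `join`/`exit` functions and the `credit` mapping are all assumed names, and the ERC777-style receive hook is constructed here so that the reentry path is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Token whose transfer calls a hook on contract recipients (ERC777-style).
// Constructed for this example; not the audited project's token.
interface ITokenReceiver {
    function onTokenReceived(address from, uint256 amount) external;
}

contract HookedToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        // Control leaves the caller here: a contract recipient runs arbitrary code.
        if (to.code.length > 0) ITokenReceiver(to).onTokenReceived(msg.sender, amount);
        return true;
    }
}

// Vulnerable ordering: the balance is cached, an external call hands control
// to msg.sender, and the cached (now stale) value is written back afterwards.
contract VaultVulnerable {
    HookedToken public immutable gem;
    mapping(address => uint256) public credit;

    constructor(HookedToken gem_) { gem = gem_; }

    // Credit is granted directly here purely to keep the example short.
    function join(address who, uint256 wad) external { credit[who] += wad; }

    function exit(uint256 wad) external {
        uint256 balance = credit[msg.sender];              // snapshot: the "lagging indication"
        require(balance >= wad, "insufficient");
        require(gem.transfer(msg.sender, wad), "transfer"); // interaction: hook runs caller code
        credit[msg.sender] = balance - wad;                // effect written from the stale snapshot
    }
}

// Attacker with credit 100 calls exit(50). The transfer hook re-enters exit(50)
// while credit is still 100: the inner call transfers 50 more and sets credit to
// 50; the outer call then writes credit = 100 - 50 = 50 as well. The attacker
// has received 100 tokens and still holds 50 credit, a free balance increment
// paid for by other depositors' tokens in the vault.
contract Attacker is ITokenReceiver {
    VaultVulnerable immutable vault;
    uint256 depth;

    constructor(VaultVulnerable vault_) { vault = vault_; }

    function attack(uint256 wad) external { vault.exit(wad); }

    function onTokenReceived(address, uint256 amount) external {
        if (depth++ == 0) vault.exit(amount);              // re-enter exactly once
    }
}

// Fixed ordering: checks, then effects, then interactions. The credit is
// reduced before the external call, so a re-entrant exit() sees the reduced
// value; a simple mutex backstops any other callback path.
contract VaultFixed {
    HookedToken public immutable gem;
    mapping(address => uint256) public credit;
    uint256 private lock = 1;

    modifier nonReentrant() {
        require(lock == 1, "reentrant");
        lock = 2;
        _;
        lock = 1;
    }

    constructor(HookedToken gem_) { gem = gem_; }

    function join(address who, uint256 wad) external { credit[who] += wad; }

    function exit(uint256 wad) external nonReentrant {
        uint256 balance = credit[msg.sender];              // check
        require(balance >= wad, "insufficient");
        credit[msg.sender] = balance - wad;                // effect, before any external call
        require(gem.transfer(msg.sender, wad), "transfer"); // interaction last
    }
}
```

To reproduce the scenario in a local test, mint 200 tokens to the vault (standing in for other depositors), `join` the attacker with 100 credit, and call `attack(50)`: against `VaultVulnerable` the attacker ends with 100 tokens and 50 credit, against `VaultFixed` the re-entrant `exit` reverts on the guard and, even without the guard, the reduced credit would make the inner `require` fail.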

telome commented 1 month ago

Spam/bot submission?

sabatha7 commented 1 month ago

@telome Thank you, I am a real human, manual review. Thank you for the comment; please tag on Discord, we will read everything fast, and you may ask if there is any further query. @0xaliyah


sabatha7 commented 1 month ago

@telome If you're asking whether the attacker will spam/brute force: as I have discussed at #14, I am not suspecting it will be the most elegant approach by the attacker.