20,000 USDC
Submission Details
Severity: medium

Reentrancy Vulnerability buyLoan Function

Summary

The buyLoan function has a potential reentrancy vulnerability because it makes an external call to transfer tokens before updating its state variable loans.

Vulnerability Details

A reentrancy vulnerability occurs when a contract makes an external call to another contract before updating its state variables. This can allow an attacker to call the function again before its state is updated, potentially leading to unexpected behavior.

The buyLoan function makes an external call to transfer tokens before updating the loans state variable. Only after that call returns does the function update the loans array by modifying the properties of the corresponding Loan, so a reentrant call sees the stale record.

Impact

If an attacker is able to exploit this vulnerability, they may be able to manipulate the loans state in unexpected ways, potentially leading to loss of funds or other unintended consequences.

Tools Used

Manual review of the code.

Recommendations

Use a reentrancy guard modifier to prevent reentrant calls to the buyLoan function. The OpenZeppelin library provides a ReentrancyGuard contract that can be inherited to make the nonReentrant modifier available. It works by using a lock variable to keep track of whether the function is currently being executed. If the function is called again before the first call has completed, the lock variable will cause the second call to revert. In addition, follow the checks-effects-interactions pattern: update the loans entry before making the external token transfer.
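As an added illustration (not code from the audited project), a hypothetical minimal buyLoan written in the ordering the report describes, beside a hardened version that applies checks-effects-interactions and OpenZeppelin's nonReentrant; the Loan fields, contract names and ERC20 interface are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin v5 path; in v4 the file lives under security/ReentrancyGuard.sol.
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Hypothetical, simplified shape of the loan record discussed in the report.
struct Loan {
    address lender;
    address token;
    uint256 debt;
    bool active;
}

// Ordering the report describes: the external token transfer runs before the
// loans entry is updated, so a call re-entering buyLoan sees the old lender.
contract LoanMarketBefore {
    Loan[] public loans;

    function buyLoan(uint256 loanId) external {
        Loan storage loan = loans[loanId];
        require(loan.active, "inactive");
        // Interaction first: control leaves this contract here (tokens with
        // transfer hooks can call back in while loan.lender is still stale).
        IERC20(loan.token).transferFrom(msg.sender, loan.lender, loan.debt);
        // Effect last: the record changes only after the external call returns.
        loan.lender = msg.sender;
    }
}

// Hardened form: effects before interactions, plus the nonReentrant lock as
// defence in depth so any re-entry reverts regardless of ordering.
contract LoanMarketAfter is ReentrancyGuard {
    Loan[] public loans;

    function buyLoan(uint256 loanId) external nonReentrant {
        Loan storage loan = loans[loanId];
        require(loan.active, "inactive");
        // Effects: snapshot what the transfer needs, then update state.
        address previousLender = loan.lender;
        uint256 price = loan.debt;
        loan.lender = msg.sender;
        // Interaction: the transfer is now the final step; a reentrant call
        // would both hit the updated record and be rejected by the lock.
        bool ok = IERC20(loan.token).transferFrom(msg.sender, previousLender, price);
        require(ok, "transfer failed");
    }
}
```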
