Callback functions that can reenter functions with events lead to Event Reentrancy
event Borrowed is emitted at Lender.sol line 277, after the external calls to transfer()... at line 269 (loanToken)
event Repaid is emitted at Lender.sol line 333, after the external calls that transfer collateral tokens to the borrower at line 329
event Repaid is emitted at Lender.sol line 405, after the external calls to transfer() to feeReceiver at line 403
If loanToken or collateralToken are callback tokens, then when they are transferred out they may be sent to a contract that can call back into the same function before the first event is emitted. As a result, when the function completes it emits incorrect or inconsistent event data, as it will always miss emitting the first states, information and data that were supposed to be emitted but were missed due to reentrancy.
Medium: This results in incorrect events and missed event emission information for off-chain tooling, monitoring, analysis and front ends. Users may act on the protocol based on faulty information from these events.
Manual Analysis
It is recommended to follow the Checks-Effects-Interactions (CEI) pattern so that state updates and events are emitted before external calls, which ensures accurate information. Move the events above the transfers.
It may be ideal to make use of reentrancy guards, e.g. OpenZeppelin's nonReentrant modifier, on the affected functions.
It may be ideal to whitelist allowed tokens for loanToken and collateralToken and not allow callback/hook tokens such as ERC777 and ERC1363.
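The effect of the event position on the log that off-chain tooling reads can be seen in a small model. This is an added example, not code from Lender.sol: the classes `HookToken`, `Lender` and `ReentrantBorrower`, the `debt` counter and the amounts are all hypothetical.

```python
# Added model of event ordering around a callback-token transfer.
# Hypothetical names throughout; this is not the code of Lender.sol.

class HookToken:
    """Token that calls a hook on the recipient during transfer."""
    def transfer(self, recipient, amount):
        hook = getattr(recipient, "on_tokens_received", None)
        if hook is not None:
            hook(amount)

class Lender:
    def __init__(self, token, emit_before_transfer):
        self.token = token
        self.emit_before_transfer = emit_before_transfer
        self.debt = 0
        self.log = []  # stands in for the on-chain event log

    def borrow(self, borrower, amount):
        self.debt += amount  # effect
        if self.emit_before_transfer:
            # CEI order: emit, then make the external call
            self.log.append(("Borrowed", amount, self.debt))
            self.token.transfer(borrower, amount)
        else:
            # Event after the external call: nested calls log first
            self.token.transfer(borrower, amount)
            self.log.append(("Borrowed", amount, self.debt))

class ReentrantBorrower:
    """Recipient whose hook calls borrow() one more time."""
    def __init__(self, lender):
        self.lender = lender
        self.reentered = False

    def on_tokens_received(self, amount):
        if not self.reentered:
            self.reentered = True
            self.lender.borrow(self, 5)

def run(emit_before_transfer):
    """Return the event log as an off-chain indexer would read it."""
    lender = Lender(HookToken(), emit_before_transfer)
    lender.borrow(ReentrantBorrower(lender), 100)
    return lender.log

if __name__ == "__main__":
    print("event after transfer :", run(False))
    print("event before transfer:", run(True))
```

With the event after the transfer, the nested borrow is logged first and both entries carry the final debt; with the event before the transfer, the log follows call order and each entry carries the debt at the time of its own call.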