40,000 USDC
Submission Details
Severity: gas

Functions calling contracts/addresses with transfer hooks are missing reentrancy guards

Summary

Functions calling contracts/addresses with transfer hooks are missing reentrancy guards

Vulnerability Details

Even if a function follows the checks-effects-interactions best practice, omitting a reentrancy guard where the token may have transfer hooks exposes users of this protocol to read-only reentrancy, with no way to protect against it except by block-listing the whole protocol.

File: /src/Escrow.sol
//@audit function `confirmReceipt()` is not protected against reentrancy
98: i_tokenContract.safeTransfer(i_seller, i_tokenContract.balanceOf(address(this)));


File: /src/EscrowFactory.sol
//@audit function `newEscrow()` is not protected against reentrancy
39: tokenContract.safeTransferFrom(msg.sender, computedAddress, price);
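
The following is an added illustration, not code from the audited repository: a minimal escrow whose release function takes a reentrancy lock and whose view function checks that lock, so a call made from inside a transfer hook reverts instead of reading mid-call state. The contract, interface and error names are hypothetical, and the token is assumed to return a bool from `transfer`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Constructed illustration; not the audited Escrow.sol. All names are hypothetical.
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract GuardedEscrowExample {
    enum State { Created, Confirmed }

    IERC20Like public immutable token;
    address public immutable buyer;
    address public immutable seller;
    State private _state;
    bool private _entered; // reentrancy lock, set for the duration of a guarded call

    error Reentrancy();
    error OnlyBuyer();
    error WrongState();
    error TransferFailed();

    modifier nonReentrant() {
        if (_entered) revert Reentrancy();
        _entered = true;
        _;
        _entered = false;
    }

    constructor(IERC20Like token_, address buyer_, address seller_) {
        token = token_;
        buyer = buyer_;
        seller = seller_;
    }

    // A view cannot take the lock, but it can read it. Reverting while a guarded
    // call is in flight stops a transfer hook from observing mid-call state.
    function state() external view returns (State) {
        if (_entered) revert Reentrancy();
        return _state;
    }

    function confirmReceipt() external nonReentrant {
        if (msg.sender != buyer) revert OnlyBuyer();
        if (_state != State.Created) revert WrongState();
        _state = State.Confirmed; // effects first
        uint256 amount = token.balanceOf(address(this));
        if (!token.transfer(seller, amount)) revert TransferFailed(); // interaction; may run a hook
    }
}
```

Without the lock there is nothing for `state()` to check, which is why checks-effects-interactions alone does not cover the read-only case.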


Impact

Informational

Tools Used

Manual

Recommendations
