Severity: medium

Potential for reentrancy attacks

Summary

Potential for reentrancy attacks. Some nonReentrant functions are marked external and in turn call private internal functions, which is a known workaround for reentrancy.

Vulnerability Details

The contract uses a non-reentrant modifier for some functions, but not for all. This could potentially lead to reentrancy attacks if not properly managed.

The _revertIfHealthFactorIsBroken(address) invariant check at the end of the nonReentrant functions helps in this regard, much as Uniswap V2 flash loans ensure that everything borrowed is repaid atomically with a fee.

Impact

This could potentially lead to unexpected behavior or loss of funds. I have not found a way to do this profitably.

Tools Used

Manual Verification
Forge and Foundry

Recommendations

It is recommended to use the non-reentrant modifier for all external functions that modify state.
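
The pattern described and recommended above, as an added sketch that is not code from the audited contract: every external state-changing function takes the lock, delegates to a private helper, and ends with the invariant check. Only _revertIfHealthFactorIsBroken is named in the report; the contract name, storage layout, the 2x collateral rule and the inline guard (a minimal stand-in for OpenZeppelin's ReentrancyGuard) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: every name except _revertIfHealthFactorIsBroken is hypothetical.
contract GuardedEngineSketch {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _status = NOT_ENTERED;

    mapping(address => uint256) private s_collateral; // wei deposited
    mapping(address => uint256) private s_debt;       // debt units, 1:1 with wei here

    error Reentrancy();
    error HealthFactorBroken(address user);
    error TransferFailed();

    // Minimal stand-in for OpenZeppelin's ReentrancyGuard.nonReentrant.
    modifier nonReentrant() {
        if (_status == ENTERED) revert Reentrancy();
        _status = ENTERED;
        _;
        _status = NOT_ENTERED;
    }

    function depositCollateral() external payable nonReentrant {
        s_collateral[msg.sender] += msg.value;
    }

    function mint(uint256 amount) external nonReentrant {
        s_debt[msg.sender] += amount;
        _revertIfHealthFactorIsBroken(msg.sender);
    }

    // The external entry point holds the lock; the private helper does the work.
    function redeemCollateral(uint256 amount) external nonReentrant {
        _redeemCollateral(msg.sender, amount);
        _revertIfHealthFactorIsBroken(msg.sender); // invariant check runs last
    }

    function _redeemCollateral(address user, uint256 amount) private {
        s_collateral[user] -= amount; // effect before interaction; underflow reverts
        (bool ok, ) = payable(user).call{value: amount}(""); // callee may attempt to re-enter
        if (!ok) revert TransferFailed();
    }

    // Assumed rule for this sketch: collateral must be at least 2x debt.
    function _revertIfHealthFactorIsBroken(address user) private view {
        if (s_collateral[user] < 2 * s_debt[user]) revert HealthFactorBroken(user);
    }
}
```

Because the lock is shared across all three external functions, a callback from the transfer in _redeemCollateral reverts with Reentrancy() whichever guarded function it targets, and the final check rejects any path that leaves the account undercollateralized.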
