Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: gas

Valid

Using `nonReentrant` when it's unnecessary

mahyar

Details

In depositCollateral, redeemCollateral, mintDsc and liquidate functions you are using nonReentrant modifier to prevent reentarny but since the only external call is calling a function on ERC20 tokens there is no way to someone be able to re enter the function, even if attacker some how re enter the function nothing will break since you update the state before sending tokens.

nonReentrant modifier update the state two times, by using this modifier in functions they cost a lots of gas, for being more safe you can only use it with liquidate function and remove it from other functions.

function depositCollateral(address tokenCollateralAddress, uint256 amountCollateral)

public

moreThanZero(amountCollateral)

isAllowedToken(tokenCollateralAddress)

- nonReentrant

{

function redeemCollateral(address tokenCollateralAddress, uint256 amountCollateral)

public

moreThanZero(amountCollateral)

- nonReentrant

{

- function mintDsc(uint256 amountDscToMint) public moreThanZero(amountDscToMint) nonReentrant {

+ function mintDsc(uint256 amountDscToMint) public moreThanZero(amountDscToMint) {

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.