External calls are being made to the burnDsc and redeemCollateral functions, which both make more external calls. The burnDsc function calls transferFrom and burn on i_dsc, and the redeemCollateral function calls transfer on the IERC20 token at tokenCollateralAddress.
#169-175
#282-291
The possible reentrancy attack can occur in this sequence:
1. redeemCollateralForDsc is called, which calls burnDsc.
2. Within burnDsc, i_dsc.transferFrom is called, and this is the point of reentrancy.
3. If i_dsc is a malicious contract, it could call back into redeemCollateralForDsc.
Manual Review.
Slither: reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Add the nonReentrant modifier to redeemCollateralForDsc.
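A minimal sketch of the recommended guard, added here as an illustration and not taken from the audited contract. The contract name, storage layout, error names and function signatures are assumptions, and the modifier is hand-rolled so the block compiles without imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the audited code. Interfaces and accounting are
// reduced to the calls the finding names; every signature is an assumption.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IBurnableLike is IERC20Like {
    function burn(uint256 amount) external;
}

contract GuardedEngineSketch {
    error Reentrancy();
    error TransferFailed();

    IBurnableLike private immutable i_dsc;
    bool private s_entered; // true while a guarded call is executing
    mapping(address => mapping(address => uint256)) private s_collateral;
    mapping(address => uint256) private s_dscMinted;

    // Rejects any call that arrives while a guarded function is still running,
    // including a callback made from inside i_dsc.transferFrom.
    modifier nonReentrant() {
        if (s_entered) revert Reentrancy();
        s_entered = true;
        _;
        s_entered = false;
    }

    constructor(address dsc) {
        i_dsc = IBurnableLike(dsc);
    }

    function redeemCollateralForDsc(address tokenCollateralAddress, uint256 amountCollateral, uint256 amountDscToBurn)
        external
        nonReentrant
    {
        // State is updated before each external call (checks-effects-interactions).
        s_dscMinted[msg.sender] -= amountDscToBurn;
        s_collateral[msg.sender][tokenCollateralAddress] -= amountCollateral;
        if (!i_dsc.transferFrom(msg.sender, address(this), amountDscToBurn)) revert TransferFailed();
        i_dsc.burn(amountDscToBurn);
        if (!IERC20Like(tokenCollateralAddress).transfer(msg.sender, amountCollateral)) revert TransferFailed();
    }
}
```

If burnDsc and redeemCollateral are public and already carry nonReentrant themselves, guarding the outer function makes the nested calls revert, so the shared logic has to be reached through unguarded internal helpers or inlined as in this sketch.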