Potential read-only reentrancy due to a missing checks-effects-interactions ordering: the _redeemCollateral function interacts with external contracts that have transfer hooks (ERC777 tokens), and the state update in _burnDsc is only performed afterwards.
In DSCEngine.sol:253, the _redeemCollateral function may call external contracts with transfer hooks (such as ERC777 tokens). The checks-effects-interactions pattern is not followed: the state update in _burnDsc is performed after _redeemCollateral has already made its external call. While that call is executing, a hooked token can re-enter the protocol's view functions and observe an intermediate state in which the changes made by _burnDsc have not yet been applied. This exposes users of this protocol, and any contract that relies on its view functions, to read-only reentrancy.
Low severity. External contracts with transfer hooks (such as ERC777 tokens) can re-enter during the execution of the _redeemCollateral function and perform read-only operations against an intermediate state. This is less severe than write reentrancy because the re-entering caller cannot modify the protocol's storage, but a third-party contract that reads the protocol's state from inside the hook would act on values that do not reflect the final state of the transaction, which can lead to unexpected behaviour and possible exploitation.
Manual Review
To mitigate the read-only reentrancy, follow the checks-effects-interactions pattern: perform the state update in _burnDsc before calling _redeemCollateral, so that the external transfer (and any hook it triggers) only runs once the contract's storage is already in its final state.
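The following Solidity example is added here to illustrate the ordering issue and the recommended fix; it is not DSCEngine.sol's code. Contract names (Engine, HookToken, Observer), the function names, the 1:1 price and the simplified health factor (collateral * 1e18 / debt) are all assumptions for this example. HookToken stands in for an ERC777-style token whose transfer calls back into the recipient, and Observer is an integrator that reads the engine's health factor from inside that hook. The burnFirst flag switches the engine between the vulnerable ordering (redeem, then burn) and the fixed ordering (burn, then redeem).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Illustrative reduction of the finding above. All names here are assumptions
// for this example and are not taken from DSCEngine.sol.

interface IHookRecipient {
    function onTokenReceived(address from, uint256 amount) external;
}

// Stand-in for an ERC777-style token: transfer() calls back into a contract
// recipient before returning. That callback is the re-entry point.
contract HookToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        if (to.code.length > 0) {
            // Hook fires while the caller (the engine) is still mid-transaction.
            IHookRecipient(to).onTokenReceived(msg.sender, amount);
        }
        return true;
    }
}

contract Engine {
    HookToken public immutable collateral;
    mapping(address => uint256) public collateralDeposited;
    mapping(address => uint256) public dscMinted;
    bool public immutable burnFirst; // false: vulnerable ordering, true: fixed ordering

    constructor(HookToken _collateral, bool _burnFirst) {
        collateral = _collateral;
        burnFirst = _burnFirst;
    }

    // Setup helper for the example (assumption): seed a position directly.
    function seed(address user, uint256 coll, uint256 debt) external {
        collateralDeposited[user] = coll;
        dscMinted[user] = debt;
    }

    // The view an integrator might depend on. Under the vulnerable ordering it
    // reports a transient state during the hook: collateral already reduced,
    // debt not yet reduced.
    function getHealthFactor(address user) external view returns (uint256) {
        if (dscMinted[user] == 0) return type(uint256).max;
        return (collateralDeposited[user] * 1e18) / dscMinted[user];
    }

    function redeemCollateralForDsc(uint256 amountCollateral, uint256 amountDscToBurn) external {
        if (burnFirst) {
            _burnDsc(msg.sender, amountDscToBurn);           // effects first ...
            _redeemCollateral(msg.sender, amountCollateral); // ... interaction last
        } else {
            _redeemCollateral(msg.sender, amountCollateral); // external call + hook here
            _burnDsc(msg.sender, amountDscToBurn);           // state update lands after the hook
        }
    }

    function _redeemCollateral(address user, uint256 amount) private {
        collateralDeposited[user] -= amount;
        require(collateral.transfer(user, amount), "transfer failed");
    }

    function _burnDsc(address user, uint256 amount) private {
        // Only the accounting is modelled; the real protocol would also pull and
        // burn the DSC token here.
        dscMinted[user] -= amount;
    }
}

// Integrator that reads the engine's view from inside the token hook.
contract Observer is IHookRecipient {
    Engine public immutable engine;
    uint256 public observedHealthFactor;

    constructor(Engine _engine) {
        engine = _engine;
    }

    function onTokenReceived(address, uint256) external override {
        // Read-only reentrancy: this view call happens mid-redeem.
        observedHealthFactor = engine.getHealthFactor(address(this));
    }

    function redeem(uint256 amountCollateral, uint256 amountDscToBurn) external {
        engine.redeemCollateralForDsc(amountCollateral, amountDscToBurn);
    }
}
```

To reproduce the issue, deploy HookToken, an Engine with burnFirst = false, and an Observer; mint collateral to the engine, seed the observer with a position of 200 collateral against 100 debt, and have the observer redeem 100 collateral while burning 50 debt. Inside the hook the observer sees a health factor computed from 100 collateral and 100 debt, even though the transaction settles at 100 collateral and 50 debt. Redeploying the engine with burnFirst = true makes the value read inside the hook match the final state, which is exactly what the recommendation above achieves.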