Potential read-only reentrancy attacks
Summary
Potential read-only reentrancy attacks due to the lack of proper check-effects-interaction when _redeemCollateral function interacts with external contracts with transfer hooks (ERC777 tokens) followed by state update in _burnDsc.
Vulnerability Details
In DSCEngine.sol:253, the _redeemCollateral function may call external contracts with transfer hooks (such as ERC777 tokens). The best practice of check-effects-interaction is not followed, as there's a state update in _burnDsc after calling _redeemCollateral. This could potentially expose users of this protocol to read-only reentrancy vulnerabilities.
Impact
The low-severity vulnerability could potentially lead to read-only reentrancy attacks. External contracts with transfer hooks (such as ERC777 tokens) could be exploited to perform unexpected read-only operations during the execution of the _redeemCollateral function. Although this is not as severe as write reentrancy, it can still lead to unexpected behavior and possible exploitation.
Tools Used
Manual Review
Recommendations
To mitigate the read-only reentrancy vulnerability, it is recommended to follow the best practice of check-effects-interaction. In this case, the state update in _burnDsc should be done before calling _redeemCollateral.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.