Submission Details
Severity: low

Potential read-only reentrancy attacks

Summary

Potential read-only reentrancy, because the checks-effects-interactions pattern is not followed: the _redeemCollateral function interacts with external contracts that may carry transfer hooks (ERC777 tokens), and a state update in _burnDsc is performed only after that interaction.

Vulnerability Details

In DSCEngine.sol:253, the _redeemCollateral function may call external contracts with transfer hooks (such as ERC777 tokens). The checks-effects-interactions pattern is not followed, because a state update in _burnDsc happens after _redeemCollateral has already made its external call. A hook that runs during that call observes the protocol in an intermediate state, which could expose users of this protocol to read-only reentrancy.

function liquidate(address collateral, address user, uint256 debtToCover) external {
    ...
    // Interaction: transfers collateral to the liquidator; a transfer hook on
    // an ERC777-style token can execute here, before the debt is updated.
    _redeemCollateral(user, msg.sender, collateral, totalCollateralToRedeem);
    // Effect: the user's debt accounting is updated only after the call above.
    _burnDsc(debtToCover, user, msg.sender);
    ...
}

Impact

This low-severity vulnerability could lead to read-only reentrancy. An external contract with transfer hooks (such as an ERC777 token) receives control during the execution of _redeemCollateral, at a point where collateral accounting has been reduced but the debt update in _burnDsc has not yet happened, so any view function read from within the hook reports a transient, inconsistent state. Although this is not as severe as write reentrancy, it can still lead to unexpected behavior and possible exploitation.

Tools Used

Manual Review

Recommendations

To mitigate the read-only reentrancy vulnerability, follow the checks-effects-interactions pattern. In this case, the state update in _burnDsc should be done before calling _redeemCollateral, so that every effect has settled before the external token transfer hands control to another contract.
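As an added illustration (not the audited DSCEngine code), the following simplified Solidity sketch places the ordering from the finding beside the recommended one. The contract, storage layout, function names and the minimal IERC20 interface are assumptions chosen for the sketch; the real engine also pulls and burns DSC tokens inside _burnDsc, which is omitted here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Simplified sketch for illustration only: per-user collateral and DSC debt,
/// a view that integrators may read, and the two liquidate orderings.
contract LiquidationOrderingSketch {
    mapping(address => mapping(address => uint256)) public collateralDeposited;
    mapping(address => uint256) public dscMinted;

    /// In the vulnerable ordering, a read made during the collateral transfer
    /// sees collateral already reduced but debt not yet reduced, so the user
    /// looks transiently more undercollateralised than the settled state.
    function position(address collateral, address user)
        external view returns (uint256 collateralAmount, uint256 debt)
    {
        return (collateralDeposited[user][collateral], dscMinted[user]);
    }

    // Ordering from the finding: interaction (token transfer) runs before the
    // debt effect in _burnDsc.
    function liquidateVulnerable(address collateral, address user,
                                 uint256 debtToCover, uint256 toRedeem) external {
        _redeemCollateral(user, msg.sender, collateral, toRedeem);
        _burnDsc(debtToCover, user);
    }

    // Recommended ordering: both effects settle before the external transfer,
    // so any view read from inside a transfer hook observes the final state.
    function liquidateFixed(address collateral, address user,
                            uint256 debtToCover, uint256 toRedeem) external {
        _burnDsc(debtToCover, user);
        _redeemCollateral(user, msg.sender, collateral, toRedeem);
    }

    function _redeemCollateral(address from, address to, address collateral,
                               uint256 amount) internal {
        collateralDeposited[from][collateral] -= amount;          // effect
        require(IERC20(collateral).transfer(to, amount), "xfer"); // interaction
    }

    function _burnDsc(uint256 amount, address onBehalfOf) internal {
        dscMinted[onBehalfOf] -= amount;                          // effect
        // the real engine also transfers in and burns DSC here (omitted)
    }
}
```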
