Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Vulnerable to Reentrancy

Description:

The _distribute function in the ProxyFactory contract executes a delegate call to a proxy contract. However, the contract has no protection against reentrancy, so a malicious actor could potentially re-enter it while that call is in progress.

Impact:

In the absence of reentrancy protection, malicious parties could repeatedly call the _distribute function and perform unauthorized actions, potentially compromising the contract's integrity.

Proof of Concept:

  • Deploy the ProxyFactory contract.

  • Deploy a proxy contract with logic that includes an external call.

  • Use the deployProxyAndDistribute function to trigger the proxy contract's logic that makes an external call.

Malicious reentrant behavior is possible due to the absence of reentrancy protection.

Recommendation:

Implement reentrancy protection mechanisms such as the nonReentrant modifier or follow established patterns like the
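A minimal sketch of the guard this recommendation refers to, added here as an illustration and not taken from the Sparkn code base. The contract name GuardedFactory, the distribute entry point, the error names, and the use of a plain low-level call are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration only: GuardedFactory, distribute and the error names
/// are hypothetical and do not come from the audited contracts.
contract GuardedFactory {
    error Reentrancy();
    error CallFailed();

    // Non-zero sentinels: the slot is never reset to zero between calls.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _status = NOT_ENTERED;

    /// Rejects any nested call into a guarded function while one is running.
    modifier nonReentrant() {
        if (_status == ENTERED) revert Reentrancy();
        _status = ENTERED;
        _;
        _status = NOT_ENTERED;
    }

    /// Guarded entry point: the lock is taken before any external code runs.
    function distribute(address proxy, bytes calldata data)
        external
        nonReentrant
    {
        _distribute(proxy, data);
    }

    /// Forwards calldata to the proxy (a plain call here, as an assumption).
    /// If the callee calls back into distribute, the nested call reverts
    /// with Reentrancy because the lock is still held.
    function _distribute(address proxy, bytes calldata data) internal {
        (bool ok, ) = proxy.call(data);
        if (!ok) revert CallFailed();
    }
}
```

The guard belongs on every externally reachable function that leads to the low-level call, not on the internal helper alone, so that all entry points share the same lock.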
