Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium

Concern of Recursive Calls in `_distribute` Function

daniel526

Summary

The _distribute function within the ProxyFactory contract lacks proper protection against recursive invocation risk, which could potentially lead to unexpected behavior and fund loss.

Vulnerability Details

The _distribute function, responsible for distributing prizes through proxy contracts, is susceptible to recursive attacks due to the absence of a proper reentrancy guard. The function currently uses the call method to invoke the implementation contract's logic using the provided data argument. However, it does not prevent the function from being re-entered before it completes its execution, creating a window for malicious actors to manipulate the flow of execution and exploit the contract.

function _distribute(address proxy, bytes calldata data) internal {
(bool success,) = proxy.call(data);
if (!success) revert ProxyFactory__DelegateCallFailed();
emit Distributed(proxy, data);
}

Impact

An attacker could exploit reentrancy to repeatedly call the _distribute function and alter the state of the contract in unexpected ways. This could lead to incorrect distribution of prizes, unauthorized access to funds, and overall instability of the contract.

Tools Used

Manual

Recommendations

Use the "Checks-Effects-Interactions" pattern.

bool private locked;
function _distribute(address proxy, bytes calldata data) internal {
require(!locked, "Reentrancy guard");
locked = true;
(bool success,) = proxy.call(data);
if (!success) revert ProxyFactory__DelegateCallFailed();
locked = false;
emit Distributed(proxy, data);
}
```
By introducing the locked boolean variable, the function checks if it's currently executing. If it's not locked (i.e., not currently executing), it proceeds with the distribution logic, sets the locked flag to prevent reentrancy, and then resets the flag after the execution is complete. This safeguard helps to prevent multiple invocations of the _distribute function from overlapping and mitigates the risk of reentrancy attacks.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.