Submission Details
Severity:
Functions calling contracts/addresses with transfer hooks are missing reentrancy guards
Summary
Even if the function follows the best practice of the check-effects-interactions pattern, not using a reentrancy guard when there may be transfer hooks will open the users of this protocol up to read-only reentrancies with no way to protect against it other than by block-listing the whole protocol.
Vulnerability Details
There are 7 instances of this issue.
View 7 Instances
File: contracts/bridges/BridgeReth.sol
/// @audit function: `deposit()`
64: rocketETHToken.transferFrom(from, address(this), amount);
/// @audit function: `withdraw()`
94: rocketETHToken.transfer(to, rethValue);
| File Link | Instance Count | Instance Links |
|---|---|---|
| BridgeReth.sol | 2 | 64,94 |
File: contracts/bridges/BridgeSteth.sol
/// @audit function: `deposit()`
66: steth.transferFrom(from, address(this), amount);
/// @audit function: `withdraw()`
87: steth.transfer(to, amount);
/// @audit function: `unstake()`
95: unsteth.safeTransferFrom(address(this), to, requestId);
| File Link | Instance Count | Instance Links |
|---|---|---|
| BridgeSteth.sol | 3 | 66,87,95 |
File: contracts/facets/ERC721Facet.sol
/// @audit function: `safeTransferFrom()`
94: safeTransferFrom(from, to, tokenId, "");
/// @audit function: `safeTransferFrom()`
118: transferFrom(from, to, tokenId);
| File Link | Instance Count | Instance Links |
|---|---|---|
| ERC721Facet.sol | 2 | 94,118 |
Impact
Potential for read-only reentrancies that could require block-listing the whole protocol.
Tools Used
baudit: a custom static code analysis tool; manual review
Recommendations
Add a reentrancy guard to any function using a transfer hook.
Prize pool breakdown
Total prize
55,000 USDC
nSLOC
3,36516 USDC / LOC
50,000 USDC
5,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.