DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Reentrancy guard modifiers must be used before any other modifier

David77

Reentrancy guard modifiers must be used before any other modifier

Severity: LOW
Confidence: High

Description

Reentrancy guard modifiers, like nonReentrant, must be used before any other modifier in order to prevent reentrancy in those other modifiers as well.

There are 21 instances of this issue:

File: contracts/facets/AskOrdersFacet.sol

35 nonReentrant

should be the first modifier usage in

File: contracts/facets/AskOrdersFacet.sol

29 function createAsk(

30 address asset,

31 uint80 price,

32 uint88 ercAmount,

33 bool isMarketOrder,

34 MTypes.OrderHint[] calldata orderHintArray

35 ) external isNotFrozen(asset) onlyValidAsset(asset) nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/AskOrdersFacet.sol#L35

File: contracts/facets/BidOrdersFacet.sol

50 nonReentrant

should be the first modifier usage in

File: contracts/facets/BidOrdersFacet.sol

39 function createBid(

40 address asset,

41 uint80 price,

42 uint88 ercAmount,

43 bool isMarketOrder,

44 MTypes.OrderHint[] calldata orderHintArray,

45 uint16[] calldata shortHintArray

46 )

47 external

48 isNotFrozen(asset)

49 onlyValidAsset(asset)

50 nonReentrant

51 returns (uint88 ethFilled, uint88 ercAmountLeft)

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/BidOrdersFacet.sol#L50

File: contracts/facets/ERC721Facet.sol

263 nonReentrant

should be the first modifier usage in

File: contracts/facets/ERC721Facet.sol

260 function mintNFT(address asset, uint8 shortRecordId)

261 external

262 isNotFrozen(asset)

263 nonReentrant

264 onlyValidShortRecord(asset, msg.sender, shortRecordId)

265

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ERC721Facet.sol#L263

File: contracts/facets/ExitShortFacet.sol

46 nonReentrant

should be the first modifier usage in

File: contracts/facets/ExitShortFacet.sol

43 function exitShortWallet(address asset, uint8 id, uint88 buyBackAmount)

44 external

45 isNotFrozen(asset)

46 nonReentrant

47 onlyValidShortRecord(asset, msg.sender, id)

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ExitShortFacet.sol#L46

File: contracts/facets/ExitShortFacet.sol

93 nonReentrant

should be the first modifier usage in

File: contracts/facets/ExitShortFacet.sol

90 function exitShortErcEscrowed(address asset, uint8 id, uint88 buyBackAmount)

91 external

92 isNotFrozen(asset)

93 nonReentrant

94 onlyValidShortRecord(asset, msg.sender, id)

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ExitShortFacet.sol#L93

File: contracts/facets/ExitShortFacet.sol

154 nonReentrant

should be the first modifier usage in

File: contracts/facets/ExitShortFacet.sol

145 function exitShort(

146 address asset,

147 uint8 id,

148 uint88 buyBackAmount,

149 uint80 price,

150 uint16[] memory shortHintArray

151 )

152 external

153 isNotFrozen(asset)

154 nonReentrant

155 onlyValidShortRecord(asset, msg.sender, id)

156

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ExitShortFacet.sol#L154

File: contracts/facets/MarginCallPrimaryFacet.sol

46 nonReentrant

should be the first modifier usage in

File: contracts/facets/MarginCallPrimaryFacet.sol

43 function flagShort(address asset, address shorter, uint8 id, uint16 flaggerHint)

44 external

45 isNotFrozen(asset)

46 nonReentrant

47 onlyValidShortRecord(asset, shorter, id)

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/MarginCallPrimaryFacet.sol#L46

File: contracts/facets/MarginCallPrimaryFacet.sol

97 nonReentrant

should be the first modifier usage in

File: contracts/facets/MarginCallPrimaryFacet.sol

89 function liquidate(

90 address asset,

91 address shorter,

92 uint8 id,

93 uint16[] memory shortHintArray

94 )

95 external

96 isNotFrozen(asset)

97 nonReentrant

98 onlyValidShortRecord(asset, shorter, id)

99 returns (uint88, uint88)

100

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/MarginCallPrimaryFacet.sol#L97

File: contracts/facets/MarginCallSecondaryFacet.sol

43 nonReentrant

should be the first modifier usage in

File: contracts/facets/MarginCallSecondaryFacet.sol

38 function liquidateSecondary(

39 address asset,

40 MTypes.BatchMC[] memory batches,

41 uint88 liquidateAmount,

42 bool isWallet

43 ) external onlyValidAsset(asset) isNotFrozen(asset) nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/MarginCallSecondaryFacet.sol#L43

File: contracts/facets/MarketShutdownFacet.sol

34 nonReentrant

should be the first modifier usage in

File: contracts/facets/MarketShutdownFacet.sol

30 function shutdownMarket(address asset)

31 external

32 onlyValidAsset(asset)

33 isNotFrozen(asset)

34 nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/MarketShutdownFacet.sol#L34

File: contracts/facets/MarketShutdownFacet.sol

67 nonReentrant

should be the first modifier usage in

File: contracts/facets/MarketShutdownFacet.sol

64 function redeemErc(address asset, uint88 amtWallet, uint88 amtEscrow)

65 external

66 isPermanentlyFrozen(asset)

67 nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/MarketShutdownFacet.sol#L67

File: contracts/facets/OrdersFacet.sol

32 nonReentrant

should be the first modifier usage in

File: contracts/facets/OrdersFacet.sol

29 function cancelBid(address asset, uint16 id)

30 external

31 onlyValidAsset(asset)

32 nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/OrdersFacet.sol#L32

File: contracts/facets/OrdersFacet.sol

58 nonReentrant

should be the first modifier usage in

File: contracts/facets/OrdersFacet.sol

55 function cancelAsk(address asset, uint16 id)

56 external

57 onlyValidAsset(asset)

58 nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/OrdersFacet.sol#L58

File: contracts/facets/OrdersFacet.sol

82 nonReentrant

should be the first modifier usage in

File: contracts/facets/OrdersFacet.sol

79 function cancelShort(address asset, uint16 id)

80 external

81 onlyValidAsset(asset)

82 nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/OrdersFacet.sol#L82

File: contracts/facets/OrdersFacet.sol

129 nonReentrant

should be the first modifier usage in

File: contracts/facets/OrdersFacet.sol

124 function cancelOrderFarFromOracle(

125 address asset,

126 O orderType,

127 uint16 lastOrderId,

128 uint16 numOrdersToCancel

129 ) external onlyValidAsset(asset) nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/OrdersFacet.sol#L129

File: contracts/facets/ShortOrdersFacet.sol

41 nonReentrant

should be the first modifier usage in

File: contracts/facets/ShortOrdersFacet.sol

34 function createLimitShort(

35 address asset,

36 uint80 price,

37 uint88 ercAmount,

38 MTypes.OrderHint[] memory orderHintArray,

39 uint16[] memory shortHintArray,

40 uint16 initialCR

41 ) external isNotFrozen(asset) onlyValidAsset(asset) nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ShortOrdersFacet.sol#L41

File: contracts/facets/ShortRecordFacet.sol

41 nonReentrant

should be the first modifier usage in

File: contracts/facets/ShortRecordFacet.sol

38 function increaseCollateral(address asset, uint8 id, uint88 amount)

39 external

40 isNotFrozen(asset)

41 nonReentrant

42 onlyValidShortRecord(asset, msg.sender, id)

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ShortRecordFacet.sol#L41

File: contracts/facets/ShortRecordFacet.sol

85 nonReentrant

should be the first modifier usage in

File: contracts/facets/ShortRecordFacet.sol

82 function decreaseCollateral(address asset, uint8 id, uint88 amount)

83 external

84 isNotFrozen(asset)

85 nonReentrant

86 onlyValidShortRecord(asset, msg.sender, id)

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ShortRecordFacet.sol#L85

File: contracts/facets/ShortRecordFacet.sol

120 nonReentrant

should be the first modifier usage in

File: contracts/facets/ShortRecordFacet.sol

117 function combineShorts(address asset, uint8[] memory ids)

118 external

119 isNotFrozen(asset)

120 nonReentrant

121 onlyValidShortRecord(asset, msg.sender, ids[0])

122

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/ShortRecordFacet.sol#L120

File: contracts/facets/VaultFacet.sol

60 nonReentrant

should be the first modifier usage in

File: contracts/facets/VaultFacet.sol

56 function depositAsset(address asset, uint104 amount)

57 external

58 onlyValidAsset(asset)

59 isNotFrozen(asset)

60 nonReentrant

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/VaultFacet.sol#L60

File: contracts/facets/VaultFacet.sol

100 nonReentrant

should be the first modifier usage in

File: contracts/facets/VaultFacet.sol

97 function withdrawAsset(address asset, uint104 amount)

98 external

99 onlyValidAsset(asset)

100 nonReentrant

101

https://github.com/Cyfrin/2023-09-ditto/blob/main/contracts/facets/VaultFacet.sol#L100

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.