Steadefi

Tags: DeFi, Hardhat, Foundry, Oracle
35,000 USDC

Submission Details
Severity: medium
Status: Invalid

Read-only reentry exists at withdraw

Summary

A read-only reentrancy window exists when a user withdraws native tokens. Even where it is not exploitable today, such a window is unsafe for future code additions to this project and for other projects that build on it.

Vulnerability Details

After the user's withdrawal is processed successfully, the contract first sends the native tokens to the user through a low-level call and only then burns the user's shares. During that call, the user (or any contract it invokes) can query balanceOf and still see the same share balance as before the withdrawal, even though the native tokens have already left the contract: this is a read-only reentrancy window. If other projects, or future changes to this project, rely on the result of that query as a value judgment, it is undoubtedly very dangerous. There have been several attacks in history for this reason.

```solidity
try GMXProcessWithdraw.processWithdraw(self) {
  // If native token is being withdrawn, we convert wrapped to native
  if (self.withdrawCache.withdrawParams.token == address(self.WNT)) {
    self.WNT.withdraw(self.withdrawCache.tokensToUser);
    (bool success, ) = self.withdrawCache.user.call{value: address(this).balance}("");
    require(success, "Transfer failed.");
  } else {
    // Transfer requested withdraw asset to user
    IERC20(self.withdrawCache.withdrawParams.token).safeTransfer(
      self.withdrawCache.user,
      self.withdrawCache.tokensToUser
    );
  }
  // Transfer any remaining tokenA/B that was unused (due to slippage) to user as well
  self.tokenA.safeTransfer(self.withdrawCache.user, self.tokenA.balanceOf(address(this)));
  self.tokenB.safeTransfer(self.withdrawCache.user, self.tokenB.balanceOf(address(this)));
  // Burn user shares
  self.vault.burn(self.withdrawCache.user, self.withdrawCache.withdrawParams.shareAmt);
```

Impact

Read-only reentrancy can become a major security risk down the road.

Tools Used

Manual review

Recommendations

It is recommended to burn the user's shares before making the external call to the user.
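The ordering problem and the recommended fix side by side, as an added example that is not Steadefi's code. It assumes a simplified single-contract vault where shares are a plain mapping (Steadefi burns shares on a separate vault contract), and it adds a guarded view as an extra mitigation for integrators, beyond the reordering this report recommends:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified vault model (assumption for illustration): 1 wei deposited = 1 share.
contract VaultModel {
    mapping(address => uint256) public shares;
    uint256 private _status = 1; // 1 = not entered, 2 = a withdraw is in flight

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function deposit() external payable {
        shares[msg.sender] += msg.value;
    }

    /// Ordering as described in the report: pay the user first, burn afterwards.
    /// While the user's receive() runs, shares[user] still reports the old value
    /// even though the native tokens have already left the vault. nonReentrant
    /// blocks a second withdraw but does nothing against a stale read.
    function withdrawVulnerable(uint256 shareAmt) external nonReentrant {
        require(shares[msg.sender] >= shareAmt, "insufficient shares");
        (bool ok, ) = msg.sender.call{value: shareAmt}("");
        require(ok, "Transfer failed.");
        shares[msg.sender] -= shareAmt; // effect after the interaction: the window
    }

    /// Recommended ordering (checks-effects-interactions): burn before the call,
    /// so any balance read during the callback already reflects the withdrawal.
    function withdrawFixed(uint256 shareAmt) external nonReentrant {
        require(shares[msg.sender] >= shareAmt, "insufficient shares");
        shares[msg.sender] -= shareAmt; // effect first
        (bool ok, ) = msg.sender.call{value: shareAmt}("");
        require(ok, "Transfer failed.");
    }

    /// Defensive view for integrators: refuse to answer while a withdraw is in
    /// flight, so a stale share balance cannot be consumed mid-call even if the
    /// ordering regresses in a future change.
    function sharesOf(address user) external view returns (uint256) {
        require(_status == 1, "vault busy");
        return shares[user];
    }
}
```

Integrating protocols should read sharesOf (the guarded view) rather than the raw public mapping, since only the former reverts during the window.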

Updates

Lead Judging Commences

hans (Lead Judge), over 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
