The `AssetToken` contract has functions marked as `onlyThunderLoan`, which restricts access to the `i_thunderLoan` address. This modifier does not protect against reentrancy. These functions perform operations that interact with external contracts, and without reentrancy guards there is a potential risk of reentrancy attacks, particularly in the `updateExchangeRate` function where external calls are made.
Reentrancy occurs when an attacker exploits the flow of control in a smart contract to make it repeatedly call back into an attacker-controlled contract before its state is updated. In the provided code, the `mint`, `burn`, `transferUnderlyingTo`, and `updateExchangeRate` functions are marked as `onlyThunderLoan`, which means they can only be called by the `i_thunderLoan` address. However, these functions do not have reentrancy guards.
A potential attacker could create a malicious contract and exploit the lack of a reentrancy guard to perform external calls and manipulate the exchange rate.
For the `updateExchangeRate` function:
The impact of missing reentrancy guards is that an attacker could potentially manipulate the `AssetToken` contract's state and cause financial losses or instability in the system. In the case of the `updateExchangeRate` function, the attacker can exploit the state changes caused by external calls.
Tools Used: Manual
To mitigate the reentrancy risk, consider adding reentrancy guards to functions that perform external calls or handle user-provided data. Below is a code snippet for adding a reentrancy guard using the `nonReentrant` modifier:
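As an added illustration (not the finding's own snippet and not the ThunderLoan project's code), the following sketch shows a hand-rolled `nonReentrant` modifier, equivalent to the one OpenZeppelin's `ReentrancyGuard` provides, stacked with `onlyThunderLoan` on two of the functions the finding names. The `IERC20` interface, storage variables, constructor and function bodies are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Minimal reentrancy guard; OpenZeppelin's ReentrancyGuard provides an
// equivalent nonReentrant modifier and is the usual production choice.
abstract contract ReentrancyGuard {
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    modifier nonReentrant() {
        require(_status == 1, "ReentrancyGuard: reentrant call");
        _status = 2; // lock before the guarded body runs
        _;
        _status = 1; // unlock only after the body has completed
    }
}

// Sketch of the AssetToken surface named in the finding. Variable names,
// storage layout and the function bodies are assumptions, not project code.
contract AssetTokenGuarded is ReentrancyGuard {
    address private immutable i_thunderLoan;
    IERC20 private immutable i_underlying;
    uint256 private s_exchangeRate;

    error AssetToken__onlyThunderLoan();

    modifier onlyThunderLoan() {
        if (msg.sender != i_thunderLoan) revert AssetToken__onlyThunderLoan();
        _;
    }

    constructor(address thunderLoan, IERC20 underlying, uint256 initialRate) {
        i_thunderLoan = thunderLoan;
        i_underlying = underlying;
        s_exchangeRate = initialRate;
    }

    // Access control runs first (cheap revert), then the reentrancy lock.
    function updateExchangeRate(uint256 newRate) external onlyThunderLoan nonReentrant {
        s_exchangeRate = newRate;
    }

    // The external token call is where a re-entering callee would get control;
    // with the lock held, any nested call into a guarded function reverts.
    function transferUnderlyingTo(address to, uint256 amount) external onlyThunderLoan nonReentrant {
        require(i_underlying.transfer(to, amount), "AssetToken: transfer failed");
    }
}
```

Because `_status` is reset only after `_;` returns, a callback that re-enters any `nonReentrant` function during the token transfer hits the `require` and reverts the whole transaction.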