The smart contract RESDLTokenBridge contains a potential reentrancy vulnerability in the transferRESDL function. The ccipSend function is invoked after emitting the TokenTransferred event, which could expose the contract to reentrancy attacks if the called function interacts with external contracts that might recursively call back into the current contract.
Reentrancy Risk:
The ccipSend function is called within the transferRESDL function after emitting the TokenTransferred event. Reentrancy risks may arise if the called function interacts with external contracts that could potentially call back into the current contract. Consider following the reentrancy guard pattern to prevent such risks.
The current implementation of the RESDLTokenBridge contract is vulnerable to a high-severity reentrancy attack. If left unmitigated, malicious actors could exploit this vulnerability to recursively call back into the contract, potentially causing unexpected behavior and financial losses. Implementing the recommended reentrancy guard pattern is crucial to prevent such attacks and enhance the overall security of the contract.
Manual Review
It is strongly advised to implement a reentrancy guard pattern to mitigate the reentrancy risk. A reentrancy guard should be applied to the transferRESDL function to prevent multiple calls from executing concurrently until the current execution is completed.
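A sketch of the recommended guard, added here as an illustration and not taken from the RESDLTokenBridge source. The router interface is a simplified stand-in, and the function parameters, event fields and every name other than transferRESDL, ccipSend and TokenTransferred are assumptions. The mock router is a test double that confirms a nested call is rejected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified stand-in for the router; the real ccipSend takes a structured message.
interface IRouterSketch {
    function ccipSend(uint64 chainSelector, bytes calldata data) external payable returns (bytes32);
}

// Sketch only. Every name except transferRESDL, ccipSend and TokenTransferred is assumed.
contract GuardedBridgeSketch {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;
    IRouterSketch public immutable router;

    event TokenTransferred(address indexed sender, uint64 chainSelector, uint256 tokenId);
    error ReentrantCall();

    constructor(IRouterSketch _router) {
        router = _router;
    }

    // Reject any call that arrives while a guarded function is still executing.
    modifier nonReentrant() {
        if (status == ENTERED) revert ReentrantCall();
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function transferRESDL(uint64 chainSelector, uint256 tokenId) external payable nonReentrant returns (bytes32) {
        emit TokenTransferred(msg.sender, chainSelector, tokenId);
        // External call: control leaves this contract until ccipSend returns.
        return router.ccipSend{value: msg.value}(chainSelector, abi.encode(msg.sender, tokenId));
    }
}

// Test double for a unit test: a router that calls back into the bridge.
contract CallbackRouterMock is IRouterSketch {
    bool public callbackReverted;

    function ccipSend(uint64 chainSelector, bytes calldata) external payable returns (bytes32) {
        // msg.sender is the bridge; the nested call must hit ReentrantCall.
        try GuardedBridgeSketch(msg.sender).transferRESDL(chainSelector, 0) {
            callbackReverted = false;
        } catch {
            callbackReverted = true;
        }
        return bytes32(0);
    }
}
```

In a unit test, deploy GuardedBridgeSketch with CallbackRouterMock as its router, call transferRESDL once, and assert that callbackReverted is true.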