contracts/core/ccip/RESDLTokenBridge.sol#84-135
contracts/core/ccip/RESDLTokenBridge.sol#171-192
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#56-93
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#109-114
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#125-134
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#294-310
contracts/core/ccip/SDLPoolCCIPControllerPrimary.sol#317-333
contracts/core/ccip/SDLPoolCCIPControllerSecondary.sol#119-140
contracts/core/ccip/WrappedTokenBridge.sol#158-202
contracts/core/ccip/WrappedTokenBridge.sol#234-255
The finding is the presence of an external call to sdlPoolCCIPController.handleIncomingRESDL followed by the emission of a TokenReceived event. In certain cases this sequence could allow an attacker to execute malicious operations or cause events to be emitted in an unexpected order, by re-entering the function before all of its operations have completed.
Audit Wizard, Slither, ChatGPT, Manual Review
The recommendation to address this vulnerability is to apply the checks-effects-interactions security pattern: perform all checks and internal state changes in the contract first, and only then make external contract calls and emit events. By clearly separating internal operations from external interactions, the likelihood of reentrancy is significantly reduced.
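As an added illustration of the recommended ordering (not code from the audited contracts), a minimal receiver that records a message as processed and takes a reentrancy lock before calling the controller, then emits the event last; the controller interface, function signature, message fields and event layout are assumptions for the example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical interface; the real controller's signature may differ.
interface ISDLPoolCCIPController {
    function handleIncomingRESDL(address receiver, uint256 tokenId, bytes calldata data) external;
}

contract ReentrancySafeReceiver {
    ISDLPoolCCIPController public immutable sdlPoolCCIPController;
    mapping(bytes32 => bool) public processed; // effect recorded before any external call
    bool private locked;                       // simple reentrancy guard

    event TokenReceived(bytes32 indexed messageId, address indexed receiver, uint256 tokenId);

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    constructor(ISDLPoolCCIPController _controller) {
        sdlPoolCCIPController = _controller;
    }

    // Order: checks -> effects -> interactions -> event emission.
    function receiveMessage(bytes32 messageId, address receiver, uint256 tokenId, bytes calldata data)
        external
        nonReentrant
    {
        // Checks
        require(!processed[messageId], "already processed");
        require(receiver != address(0), "zero receiver");

        // Effects: every state change happens before control leaves this contract
        processed[messageId] = true;

        // Interactions: the external call is last, so a re-entrant call into
        // receiveMessage fails both the lock and the processed check above
        sdlPoolCCIPController.handleIncomingRESDL(receiver, tokenId, data);

        emit TokenReceived(messageId, receiver, tokenId);
    }
}
```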