Lack of Reentrancy Protection in `onTokenTransfer` Function in SDLPoolPrimary.sol
Lack of Reentrancy Protection in onTokenTransfer Function
Impact
The onTokenTransfer function does not currently include reentrancy protection. This could potentially expose the contract to reentrancy attacks when interacting with external contracts.
Proof of Concept
solidity
Copy code
// In SDLPoolPrimary.sol
function onTokenTransfer(
address _sender,
uint256 _value,
bytes calldata _calldata
) external override {
if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
// ... (existing code)
if (msg.sender == address(sdlToken)) {
(uint256 lockId, uint64 lockingDuration) = abi.decode(_calldata, (uint256, uint64));
if (lockId != 0) {
_storeUpdatedLock(_sender, lockId, _value, lockingDuration);
} else {
_storeNewLock(_sender, _value, lockingDuration);
}
} else {
distributeToken(msg.sender);
}
}
Recommended Mitigation Steps
Implement the check-effects-interactions pattern to mitigate reentrancy vulnerabilities. Ensure that state changes are made after external calls to prevent potential reentrancy attacks.
solidity
Copy code
// In SDLPoolPrimary.sol
function onTokenTransfer(
address _sender,
uint256 _value,
bytes calldata _calldata
) external override {
if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
// ... (existing code)
if (msg.sender == address(sdlToken)) {
(uint256 lockId, uint64 lockingDuration) = abi.decode(_calldata, (uint256, uint64));
if (lockId != 0) {
// Move external calls to the end of the function
_storeUpdatedLock(_sender, lockId, _value, lockingDuration);
} else {
_storeNewLock(_sender, _value, lockingDuration);
}
} else {
// Move external calls to the end of the function
distributeToken(msg.sender);
}
}
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.