Lack of Reentrancy Protection in onTokenTransfer Function
The onTokenTransfer function, the ERC677 transferAndCall callback that the SDL token and every supported reward token invoke on this contract, has no reentrancy guard. The snippet below makes no external call of its own, but each path it takes (the lock-storage helpers for sdlToken, distributeToken for any other supported token) runs with msg.sender being an external token contract. If any of those paths calls back out to that token before the contract's state is finalized, a supported token with transfer hooks, or one that is added later and turns out to be malicious, could re-enter onTokenTransfer and act on intermediate state.
```solidity
// In SDLPoolPrimary.sol
function onTokenTransfer(
    address _sender,
    uint256 _value,
    bytes calldata _calldata
) external override {
    // Only the SDL token or a supported reward token may call this hook
    if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
    // ... (existing code)
    if (msg.sender == address(sdlToken)) {
        (uint256 lockId, uint64 lockingDuration) = abi.decode(_calldata, (uint256, uint64));
        if (lockId != 0) {
            _storeUpdatedLock(_sender, lockId, _value, lockingDuration);
        } else {
            _storeNewLock(_sender, _value, lockingDuration);
        }
    } else {
        distributeToken(msg.sender);
    }
}
```
Apply the checks-effects-interactions pattern: after the authorization check, perform every state update (lock bookkeeping, reward accounting) before any call that leaves the contract, so that a re-entering caller already sees the finalized state. Note that the order is effects first, then interactions; writing state after an external call is exactly what makes reentrancy exploitable. As defence in depth, mark onTokenTransfer nonReentrant (for example with OpenZeppelin's ReentrancyGuard), which turns any re-entry into a revert regardless of ordering.
```solidity
// In SDLPoolPrimary.sol
// Assumes the contract inherits OpenZeppelin's ReentrancyGuard (not shown in the original snippet)
function onTokenTransfer(
    address _sender,
    uint256 _value,
    bytes calldata _calldata
) external override nonReentrant {
    // CHECK: only the SDL token or a supported reward token may call this hook
    if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
    // ... (existing code)
    if (msg.sender == address(sdlToken)) {
        (uint256 lockId, uint64 lockingDuration) = abi.decode(_calldata, (uint256, uint64));
        // EFFECTS: lock bookkeeping is written before anything could call back out to the token
        if (lockId != 0) {
            _storeUpdatedLock(_sender, lockId, _value, lockingDuration);
        } else {
            _storeNewLock(_sender, _value, lockingDuration);
        }
    } else {
        // INTERACTION: if distributeToken calls out to the token, its own state updates must
        // precede that call; the nonReentrant guard above rejects any re-entry in either case
        distributeToken(msg.sender);
    }
}
```
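As an added, self-contained illustration that is not code from SDLPoolPrimary.sol or from the project under review: a minimal ERC677-style receiver in two versions, one that performs the interaction before the effect and one that applies checks-effects-interactions plus a hand-rolled guard with the same semantics as OpenZeppelin's nonReentrant, together with a constructed malicious "supported token" whose transfer() re-enters the callback. Every contract and function name here (ReceiverVulnerable, ReceiverHardened, MaliciousToken, rewardsOwed, setOwed, attack) is hypothetical; the only thing carried over from the finding is the onTokenTransfer signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// ERC677-style receiver hook: same signature as the function in the finding.
interface IERC677Receiver {
    function onTokenTransfer(address sender, uint256 value, bytes calldata data) external;
}

interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hand-rolled guard with the same semantics as OpenZeppelin's ReentrancyGuard.
abstract contract ReentrancyGuardLite {
    uint256 private _entered; // 0 = idle, 1 = inside a guarded function
    error ReentrantCall();

    modifier nonReentrant() {
        if (_entered == 1) revert ReentrantCall();
        _entered = 1;
        _;
        _entered = 0;
    }
}

// Shared state (hypothetical): rewards owed per account, paid out in the reward token.
abstract contract ReceiverBase is IERC677Receiver {
    address public immutable rewardToken;
    mapping(address => uint256) public rewardsOwed;
    uint256 public totalPaid;

    constructor(address token) { rewardToken = token; }

    // Test hook: credit a reward balance to an account.
    function setOwed(address who, uint256 amount) external { rewardsOwed[who] = amount; }
}

// Vulnerable ordering: the external transfer runs while rewardsOwed is still unchanged.
contract ReceiverVulnerable is ReceiverBase {
    constructor(address token) ReceiverBase(token) {}

    function onTokenTransfer(address sender, uint256, bytes calldata) external override {
        require(msg.sender == rewardToken, "unauthorized token");     // CHECK
        uint256 owed = rewardsOwed[sender];
        // INTERACTION before EFFECT: the token contract runs arbitrary code here and can
        // call onTokenTransfer again, reading the same `owed` a second time.
        require(IERC20Like(rewardToken).transfer(sender, owed), "transfer failed");
        rewardsOwed[sender] = 0;                                        // EFFECT (too late)
        totalPaid += owed;
    }
}

// Hardened: effects first, then the interaction, with a guard as defence in depth.
contract ReceiverHardened is ReceiverBase, ReentrancyGuardLite {
    constructor(address token) ReceiverBase(token) {}

    function onTokenTransfer(address sender, uint256, bytes calldata) external override nonReentrant {
        require(msg.sender == rewardToken, "unauthorized token");     // CHECK
        uint256 owed = rewardsOwed[sender];
        rewardsOwed[sender] = 0;                                        // EFFECTS
        totalPaid += owed;
        require(IERC20Like(rewardToken).transfer(sender, owed), "transfer failed"); // INTERACTION
    }
}

// Constructed attacker: a "supported token" whose transfer() re-enters the receiver once.
// The re-entrant call originates from the token contract itself, so it passes the
// msg.sender == rewardToken check: authorization alone does not stop re-entry.
contract MaliciousToken is IERC20Like {
    IERC677Receiver public target;
    uint256 public paidOut;   // sum of the amounts the receiver asked this token to pay
    bool private reentered;

    function setTarget(IERC677Receiver t) external { target = t; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        paidOut += amount;
        if (!reentered) {
            reentered = true;
            target.onTokenTransfer(to, 0, "");   // re-enter on behalf of the same account
        }
        return true;
    }

    // Trigger the callback exactly as the token would after a transferAndCall.
    function attack(address victim) external {
        reentered = false;
        target.onTokenTransfer(victim, 0, "");
    }
}
```

Run against ReceiverVulnerable (deploy MaliciousToken, deploy the receiver with the token address, call setTarget on the token, setOwed(victim, 100) on the receiver, then attack(victim)): the inner call still reads rewardsOwed[victim] == 100, so paidOut and totalPaid both end at 200 for a 100-unit credit. Against ReceiverHardened the same attack reverts with ReentrantCall, which bubbles up through transfer() and unwinds the whole transaction; with the effects-first ordering alone and no guard, the inner call would read 0 and pay nothing, which is why the ordering is the primary fix and the guard the backstop. To use OpenZeppelin's guard instead of the inline one, inherit ReentrancyGuard (under utils/ in OpenZeppelin Contracts 5.x, security/ in 4.x) and keep the nonReentrant modifier. One caveat when guarding a callback: if the contract's own code ever calls transferAndCall on the token from within another nonReentrant function and expects onTokenTransfer to run as part of that same call, the guard will reject that legitimate inner call too, so the call graph needs checking before the modifier is added.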