The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Lack of reentrancy protection

wardenpaul

Summary

Functions that perform several external interactions lack basic reentrancy protection.

Vulnerability Details

Functions do not have re-entrancy protection and do not follow the Check-Effects-Interaction pattern, thus they are vulnerable to exploits. For instance, increasePosition first transfers the tokens before updating the state:

function increasePosition(uint256 _tstVal, uint256 _eurosVal) external {

require(_tstVal > 0 || _eurosVal > 0);

consolidatePendingStakes();

ILiquidationPoolManager(manager).distributeFees();

if (_tstVal > 0) IERC20(TST).safeTransferFrom(msg.sender, address(this), _tstVal);

if (_eurosVal > 0) IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _eurosVal);

pendingStakes.push(PendingStake(msg.sender, block.timestamp, _tstVal, _eurosVal));

addUniqueHolder(msg.sender);

}

Similarly, when decreasing position:

function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {

consolidatePendingStakes();

ILiquidationPoolManager(manager).distributeFees();

require(_tstVal <= positions[msg.sender].TST && _eurosVal <= positions[msg.sender].EUROs, "invalid-decr-amount");

if (_tstVal > 0) {

IERC20(TST).safeTransfer(msg.sender, _tstVal);

positions[msg.sender].TST -= _tstVal;

}

if (_eurosVal > 0) {

IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);

positions[msg.sender].EUROs -= _eurosVal;

}

if (empty(positions[msg.sender])) deletePosition(positions[msg.sender]);

}

First, tokens are transferred to the user and only then the position is decreased. The order of operations leaves a gap to repeat the action and gain benefits more than once.

Impact

The contract will be deployed with tokens like LINK support and LINK is ERC677 compatible, it contains transferAndCall function to support action hooks. This makes it very easy for malicious users to exploit, e.g. repeatedly withdrawals.

Tools Used

Manual review.

Recommendations

Add reentrancy protection modifiers to critical functions that perform external interactions.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.