The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Contract exposed to reentrancy attack through the `liquidateVault` in the `SmartVaultManagerV5`function

0xVinylDavyl

Summary

The liquidateVault function in the SmartVaultManagerV5 contract lacks reentrancy protection, posing a potential vulnerability to reentrancy attacks. Leading to potential loss of funds.

Vulnerability Details

The vulnerability arises from the absence of a reentrancy protection mechanism in the liquidateVault function, allowing an external contract to recursively call it during execution.

// Existing vulnerable code

function liquidateVault(uint256 _tokenId) external onlyLiquidator {

ISmartVault vault = ISmartVault(smartVaultIndex.getVaultAddress(_tokenId));

try vault.undercollateralised() returns (bool _undercollateralised) {

require(_undercollateralised, "vault-not-undercollateralised");

vault.liquidate();

IEUROs(euros).revokeRole(IEUROs(euros).MINTER_ROLE(), address(vault));

IEUROs(euros).revokeRole(IEUROs(euros).BURNER_ROLE(), address(vault));

emit VaultLiquidated(address(vault));

} catch {

revert("other-liquidation-error");

}

Impact

Unintended State Changes: This Reentrancy attacks can interfere with the normal flow of the liquidateVault function, leading to unintended changes in the contract's state. This may include altering variables, updating status flags, or disrupting the expected sequence of operations.

Loss of Funds: If the liquidateVault function involves financial transactions, such as transferring assets or handling funds, a successful reentrancy attack could lead to the unauthorized withdrawal or manipulation of funds. This poses a direct risk to the financial integrity of the contract and its users.

Inconsistent Contract Behavior: Reentrancy attacks may introduce inconsistencies in the contract's behavior. This could result in scenarios where the contract's state is uncertain or contradictory, making it challenging for users to rely on the expected outcomes of certain functions.

Tools Used

Manual Code Review

Recommendations and Mitigation Steps

Implement the ReentrancyGuard pattern in the liquidateVault function to prevent reentrancy attacks. This involves using the ReentrancyGuardUpgradeable contract from OpenZeppelin.
ReentrancyGuardUpgradeable here ensures that the liquidateVault function is protected against reentrancy attacks, enhancing the security of the smart contract.

import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";

contract SmartVaultManagerV5 is ISmartVaultManager, ISmartVaultManagerV2, Initializable, ERC721Upgradeable, OwnableUpgradeable, ReentrancyGuardUpgradeable {

// Existing contract code...

function liquidateVault(uint256 _tokenId) external onlyLiquidator nonReentrant {

// Existing function logic...

}

// Existing contract code...

}

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.