The Standard

DeFi, Hardhat
20,000 USDC

Submission Details
Severity: low
Invalid

The LiquidationPool contract is vulnerable to reentrancy attacks due to the lack of proper protection in the `increasePosition` and `decreasePosition` functions

Summary

The LiquidationPool contract is vulnerable to reentrancy attacks because neither increasePosition nor decreasePosition carries reentrancy protection. An attacker could reenter these functions while they are still executing, leading to unexpected behaviour.

Vulnerability Details

The vulnerable functions are as follows (comments mark where an external call precedes a state update):

```solidity
function increasePosition(uint256 _tstVal, uint256 _eurosVal) external {
    require(_tstVal > 0 || _eurosVal > 0);
    consolidatePendingStakes();
    // external call into the manager before the caller's stake is recorded
    ILiquidationPoolManager(manager).distributeFees();
    if (_tstVal > 0) IERC20(TST).safeTransferFrom(msg.sender, address(this), _tstVal);
    if (_eurosVal > 0) IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _eurosVal);
    pendingStakes.push(PendingStake(msg.sender, block.timestamp, _tstVal, _eurosVal));
    addUniqueHolder(msg.sender);
}

function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external {
    consolidatePendingStakes();
    ILiquidationPoolManager(manager).distributeFees();
    require(_tstVal <= positions[msg.sender].TST && _eurosVal <= positions[msg.sender].EUROs, "invalid-decr-amount");
    if (_tstVal > 0) {
        // token transfer (external call) happens before the position is reduced
        IERC20(TST).safeTransfer(msg.sender, _tstVal);
        positions[msg.sender].TST -= _tstVal;
    }
    if (_eurosVal > 0) {
        IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);
        positions[msg.sender].EUROs -= _eurosVal;
    }
    if (empty(positions[msg.sender])) deletePosition(positions[msg.sender]);
}
```

Impact

The missing reentrancy protection in increasePosition and decreasePosition is significant and can have adverse consequences for the LiquidationPool contract and its users:

  1. Reentrancy attacks: an attacker can call back into the vulnerable functions while they are still executing, interrupting their normal flow.

  2. Potential loss of funds: the resulting unexpected behaviour could be used to manipulate token balances, cause incorrect calculations, or interfere with fund transfers, leading to mismanagement of funds within the LiquidationPool.

  3. Security breach: a successful reentrancy attack undermines the integrity and reliability of the contract, eroding user trust and damaging the platform's reputation.

Tools Used

Manual Code Review

Recommendations

Implement the ReentrancyGuard pattern in increasePosition and decreasePosition to prevent reentrancy attacks. Inheriting ReentrancyGuardUpgradeable from the OpenZeppelin library and marking both functions nonReentrant protects the contract against reentrancy; test the updated contract thoroughly before deployment to confirm the protection works as intended.

The modifications to be made:

```solidity
import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";

contract LiquidationPool is ILiquidationPool, ReentrancyGuardUpgradeable {
    // Existing contract code...
    // Note: the upgradeable guard has no constructor, so __ReentrancyGuard_init()
    // must be called from the contract's initializer to set the lock's initial state.

    function increasePosition(uint256 _tstVal, uint256 _eurosVal) external nonReentrant {
        // Existing function logic...
    }

    function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external nonReentrant {
        // Existing function logic...
    }
    // Existing contract code...
}
```
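As an added, constructed illustration (not the project's contract or the submitter's code), the sketch below shows what the recommended guard does internally and pairs it with the checks-effects-interactions ordering that the original decreasePosition lacks: the position is reduced before any token leaves the contract. The contract name and the storage layout are assumptions for the example; the OpenZeppelin import paths are the standard ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed example contract (hypothetical name), not the project's LiquidationPool.
contract PositionPoolSketch {
    using SafeERC20 for IERC20;

    struct Position { uint256 TST; uint256 EUROs; }

    address public immutable TST;
    address public immutable EUROs;
    mapping(address => Position) public positions;

    // Minimal lock equivalent to OpenZeppelin's ReentrancyGuard.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    modifier nonReentrant() {
        require(status == NOT_ENTERED, "reentrant-call");
        status = ENTERED;      // lock before the function body runs
        _;
        status = NOT_ENTERED;  // release only after the body has completed
    }

    constructor(address _tst, address _euros) { TST = _tst; EUROs = _euros; }

    function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external nonReentrant {
        Position storage p = positions[msg.sender];
        // Checks
        require(_tstVal <= p.TST && _eurosVal <= p.EUROs, "invalid-decr-amount");
        // Effects: accounting is updated before any external call is made
        p.TST -= _tstVal;
        p.EUROs -= _eurosVal;
        if (p.TST == 0 && p.EUROs == 0) delete positions[msg.sender];
        // Interactions: transfers run last, while the lock is still held
        if (_tstVal > 0) IERC20(TST).safeTransfer(msg.sender, _tstVal);
        if (_eurosVal > 0) IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);
    }
}
```

With this ordering, a call that somehow reenters during the transfer sees the already-reduced position, so the guard and the ordering each prevent the issue independently.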

Updates

Lead Judging Commences

hrishibhat, Lead Judge, over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags: informational/invalid
