LiquidityPool contract has no reentrancy protection in decreasePosition function
The decreasePosition function allows a user to reduce their staking position in the pool. It performs an external call to transfer tokens to the caller (msg.sender) and only afterwards updates the caller's position in the pool. The vulnerability arises because the protocol does not distinguish between a contract and an externally owned account (EOA) as msg.sender, and it updates the user's balance after the external call rather than before it.
Some ERC20 tokens include an onTokenReceive() function, which hands execution control to the receiving address. Furthermore, if the "Standard protocol" accepts ERC777 tokens in the future and msg.sender is a malicious smart contract, that contract could exploit this. Since there is no nonReentrant guard on decreasePosition, the attacker could reenter the function multiple times, potentially draining the pool.
Liquidity providers risk losing their funds from the pool through a reentrancy attack.
Manual
Consider adding a nonReentrant guard to the decreasePosition function and following the checks-effects-interactions pattern.
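As an added illustration (constructed code, not the Standard protocol's LiquidityPool), here is a minimal pool with the reported ordering next to a version that applies the recommendation; the token, the positions mapping and the function bodies are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Constructed example; not the Standard protocol's LiquidityPool code.
contract VulnerablePool {
    IERC20 public immutable token;
    mapping(address => uint256) public positions;

    constructor(IERC20 _token) { token = _token; }

    function increasePosition(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        positions[msg.sender] += amount;
    }

    // BUG: interaction before effect. If `token` hands control to the receiver
    // (e.g. an ERC777 tokensReceived hook), a contract caller can re-enter here
    // while positions[msg.sender] still holds the old value, so every nested
    // call transfers `amount` but all of them write back the same `remaining`.
    function decreasePosition(uint256 amount) external {
        uint256 remaining = positions[msg.sender] - amount; // check (reverts on underflow)
        token.transfer(msg.sender, amount);                  // interaction first
        positions[msg.sender] = remaining;                   // stale effect last
    }
}

contract HardenedPool is ReentrancyGuard {
    IERC20 public immutable token;
    mapping(address => uint256) public positions;

    constructor(IERC20 _token) { token = _token; }

    function increasePosition(uint256 amount) external nonReentrant {
        positions[msg.sender] += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Checks-effects-interactions plus a guard: the position is reduced before
    // any token leaves the contract, so a re-entrant call would see the
    // decremented balance, and nonReentrant rejects the re-entry outright.
    function decreasePosition(uint256 amount) external nonReentrant {
        require(positions[msg.sender] >= amount, "insufficient position"); // check
        positions[msg.sender] -= amount;                                  // effect
        require(token.transfer(msg.sender, amount), "transfer failed");   // interaction
    }
}
```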