The function decreasePosition is potentially vulnerable to reentrancy because of the order in which it performs its state modifications.

decreasePosition is an external function that can be called by any external contract, including a malicious one, yet it declares no reentrancy guard, which leaves it exposed. It also performs its state changes, positions[msg.sender].EUROs -= _eurosVal; and positions[msg.sender].TST -= _tstVal;, only after an interaction with an external contract (msg.sender).

The likelihood is currently low, since a standard ERC20 transfer does not hand control to the recipient, but there is still a potential loss of funds here: the interaction with an external EOA/contract is done before the state changes, an ordering that has led to many losses of funds in the past. It is advisable to follow the security recommendations below, as this is a ticking time bomb.
Manual review
It is recommended to follow the Checks-Effects-Interactions pattern and perform all state updates first, before making any external calls to contracts that may be outside the protocol's control. That is, the lines IERC20(TST).safeTransfer(msg.sender, _tstVal); and IERC20(EUROs).safeTransfer(msg.sender, _eurosVal); should occur after all state modifications.

Additionally, use a reentrancy guard on decreasePosition.
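The following is an added illustration of the recommended fix, not the protocol's own code. It places the vulnerable ordering described in the finding beside a hardened version that applies Checks-Effects-Interactions and OpenZeppelin's ReentrancyGuard. The contract name PositionPool, the Position struct, the constructor and the require checks are assumptions; the function name, the positions mapping, the TST/EUROs fields and the safeTransfer calls are taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical minimal pool contract (assumption, not the protocol's code)
// that tracks per-user TST and EUROs balances.
contract PositionPool is ReentrancyGuard {
    using SafeERC20 for IERC20;

    struct Position {
        uint256 TST;
        uint256 EUROs;
    }

    address public immutable TST;
    address public immutable EUROs;
    mapping(address => Position) public positions;

    constructor(address _tst, address _euros) {
        TST = _tst;
        EUROs = _euros;
    }

    // "Before": the ordering the finding describes. The external transfers
    // (interactions) run before the position is reduced (effects), and there
    // is no reentrancy guard. Kept here only for comparison.
    function decreasePositionUnsafe(uint256 _tstVal, uint256 _eurosVal) external {
        if (_tstVal > 0) IERC20(TST).safeTransfer(msg.sender, _tstVal);     // interaction
        if (_eurosVal > 0) IERC20(EUROs).safeTransfer(msg.sender, _eurosVal); // interaction
        positions[msg.sender].TST -= _tstVal;      // effect, too late
        positions[msg.sender].EUROs -= _eurosVal;  // effect, too late
    }

    // "After": Checks-Effects-Interactions plus nonReentrant.
    function decreasePosition(uint256 _tstVal, uint256 _eurosVal) external nonReentrant {
        Position storage pos = positions[msg.sender];

        // Checks: explicit bounds rather than relying on the 0.8 underflow revert.
        require(_tstVal <= pos.TST, "TST decrement exceeds position");
        require(_eurosVal <= pos.EUROs, "EUROs decrement exceeds position");

        // Effects: all storage updates happen before any external call.
        pos.TST -= _tstVal;
        pos.EUROs -= _eurosVal;

        // Interactions: transfers are last, so a re-entering caller would
        // already see the reduced position.
        if (_tstVal > 0) IERC20(TST).safeTransfer(msg.sender, _tstVal);
        if (_eurosVal > 0) IERC20(EUROs).safeTransfer(msg.sender, _eurosVal);
    }
}
```

The nonReentrant modifier is a second line of defence: even if a future token with transfer hooks (or a different external call) were introduced into this path, the guard blocks a nested call into decreasePosition, while the CEI ordering alone already ensures the position is reduced before any value leaves the contract.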