The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Reentrancy Attack in `getAssets()` Function

Summary

Reentrancy attack in the getAssets() function if the getAssetBalance() function makes an external call.

Vulnerability Details and Impact

  • Attacker contract calls getAssets(), which in turn calls getAssetBalance()

  • getAssetBalance() makes an external call to the attacker contract

  • Attacker contract's fallback function calls getAssets() again

  • Steps 1-3 repeat, resulting in an infinite loop

Recommendations

  • Perform state changes before making external calls:
    -- Calculate the asset balance before making the call to getAssetBalance(). This CEI pattern means that the state of the getAssets() function has already been updated in the event that there is a reentrancy.

  • Utilize Reentrancy Guards
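
The two recommendations above combined in one sketch, as an added example that is not part of the submission or of The Standard's code base. Only the names getAssets() and getAssetBalance() come from the submission; the contract name, the token list, the `snapshots` counter and the non-view `balanceOf` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch, not The Standard's code: only the names getAssets()
// and getAssetBalance() come from the submission above.
interface IToken {
    // Declared non-view (assumption) so the callee is able to call back.
    function balanceOf(address owner) external returns (uint256);
}

contract VaultSketch {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private lock = NOT_ENTERED;

    IToken[] public tokens;   // assumed list of tracked tokens
    uint256 public snapshots; // state written by getAssets()

    error Reentrancy();

    // Reentrancy guard: a nested call reverts instead of recursing.
    modifier nonReentrant() {
        if (lock == ENTERED) revert Reentrancy();
        lock = ENTERED;
        _;
        lock = NOT_ENTERED;
    }

    constructor(IToken[] memory _tokens) {
        tokens = _tokens;
    }

    function getAssets() external nonReentrant returns (uint256[] memory balances) {
        // Effects: every state write happens before any external call.
        snapshots += 1;
        uint256 n = tokens.length;
        balances = new uint256[](n);
        // Interactions: external calls come last.
        for (uint256 i = 0; i < n; i++) {
            balances[i] = getAssetBalance(tokens[i]);
        }
    }

    // The external call the submission is concerned about.
    function getAssetBalance(IToken token) internal returns (uint256) {
        return token.balanceOf(address(this));
    }
}
```

With the guard in place, a callback into `getAssets()` during `balanceOf` reverts with `Reentrancy()` rather than recursing.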

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
