The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Code does not follow the best practice of checks-effects-interactions

Summary

Vulnerability Details

Code should follow the checks-effects-interactions best practice, in which state variables are updated before any external call is made. Doing so prevents a large class of reentrancy bugs.
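
The ordering described above, as an added example that is not part of the submission and is not code from the audited contracts. The contract `CeiOrderingExample`, its `rewards` mapping, `credit` and both claim functions are hypothetical; the shape (a `delete` that follows an external call) loosely mirrors the kind of line flagged in the instances below.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical contract, not taken from LiquidationPool.sol.
contract CeiOrderingExample {
    // Hypothetical per-holder reward balance, denominated in wei.
    mapping(address => uint256) public rewards;

    // Credits a reward to `holder`; exists only so the example is self-contained.
    function credit(address holder) external payable {
        rewards[holder] += msg.value;
    }

    // Interaction before effect. While the external call runs,
    // rewards[msg.sender] still holds `amount`, so a nested call into this
    // function from the recipient's fallback reads the same value again.
    // `delete` is idempotent, so the late state update does not revert.
    function claimInteractionFirst() external {
        uint256 amount = rewards[msg.sender];
        require(amount > 0, "no-rewards");                 // check
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer-failed");
        delete rewards[msg.sender];                        // effect (too late)
    }

    // Checks, then effects, then interactions. The balance is cleared before
    // control leaves the contract, so a nested call fails the `amount > 0`
    // check and the whole transaction reverts.
    function claimCei() external {
        uint256 amount = rewards[msg.sender];
        require(amount > 0, "no-rewards");                 // check
        delete rewards[msg.sender];                        // effect
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer-failed");
    }
}
```

The reordering matters when the external call can reach code the contract does not control; a reentrancy guard such as OpenZeppelin's `nonReentrant` modifier is a complementary control, not a replacement for the ordering.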

Impact

Instances (13):

File: contracts/LiquidationPool.sol
/// @audit distributeFees called prior to this assignment
155: positions[msg.sender].TST -= _tstVal;
/// @audit distributeFees called prior to this assignment
159: positions[msg.sender].EUROs -= _eurosVal;
/// @audit getAcceptedTokens() called prior to this
170: delete rewards[abi.encodePacked(msg.sender, _token.symbol)];
/// @audit safeTransferFrom called prior to this assignment
188: positions[_holder].EUROs += _amount * positions[_holder].TST / tstTotal;
/// @audit safeTransferFrom called prior to this assignment
191: pendingStakes[i].EUROs += _amount * pendingStakes[i].TST / tstTotal;
/// @audit safeTransferFrom called prior to this assignment
237: positions[holders[j]] = _position;

155, 159, 170, 188, 191, 237

File: contracts/LiquidationPoolManager.sol
/// @audit tokenManager called prior to this assignment
24: TST = _TST;
/// @audit tokenManager called prior to this assignment
25: EUROs = _EUROs;
/// @audit tokenManager called prior to this assignment
26: smartVaultManager = _smartVaultManager;
/// @audit tokenManager called prior to this assignment
27: protocol = _protocol;
/// @audit tokenManager called prior to this assignment
28: poolFeePercentage = _poolFeePercentage;

24, 25, 26, 27, 28

File: contracts/SmartVaultV3.sol
/// @audit mintFeeRate called prior to this assignment
163: minted = minted + _amount + fee;
/// @audit burnFeeRate called prior to this assignment
171: minted = minted - _amount;

163, 171

Tools Used

Recommendations

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
