A high-risk reentrancy vulnerability exists in the stepSun function of the Sun contract. It arises because stepSun makes an external call to rewardBeans before modifying state variables, a sequence of operations that could allow reentrancy attacks.
In stepSun, an external call is made to rewardBeans(uint256(deltaB)), and only afterwards are state variables modified in the setSoilAbovePeg function. This pattern could enable reentrancy if the called contracts re-enter the Sun contract before the state modifications are completed.
The impact of this vulnerability is assessed as high. Successful exploitation could enable reentrancy attacks, allowing an attacker to manipulate the contract's state and exploit unintended behaviors.
Manual review and Slither.
To mitigate the identified reentrancy vulnerability, the following recommendations are proposed:
Apply the Checks-Effects-Interactions pattern: perform all state modifications before any external call. Review the sequence of operations in stepSun so that the state writes (including those in setSoilAbovePeg) occur before the call to rewardBeans.
Use ReentrancyGuard: consider applying a ReentrancyGuard (nonReentrant) modifier to stepSun and other relevant functions. This ensures a function cannot be re-entered while a previous invocation is still executing, which mitigates the risk even if the call ordering is later changed.
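The two recommendations applied together, as an added Solidity sketch that is not the Sun contract's or the contest's code: the reward call is moved after the state writes and stepSun is guarded by a minimal nonReentrant modifier. IRewardSink, season, the soil formula and the external callee inside rewardBeans are assumed stand-ins for parts of the real contract the report does not show.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed external recipient of rewarded Beans; stands in for whatever
// contract rewardBeans actually calls out to (not shown in the report).
interface IRewardSink {
    function onReward(uint256 amount) external;
}

contract SunHardened {
    uint256 public soil;        // state written by setSoilAbovePeg
    uint256 public season;      // assumed per-step counter (illustrative)
    IRewardSink public sink;    // assumed external callee
    uint256 private _status;    // minimal ReentrancyGuard state: 1 = free, 2 = entered

    // Rejects any nested call into a guarded function while one is in flight.
    modifier nonReentrant() {
        require(_status != 2, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    constructor(IRewardSink sink_) {
        sink = sink_;
        _status = 1;
    }

    // Vulnerable ordering described in the report:
    //   rewardBeans(uint256(deltaB)); setSoilAbovePeg(...);   // call, then state
    // Hardened ordering: Checks, then Effects, then the Interaction.
    function stepSun(int256 deltaB) external nonReentrant {
        if (deltaB > 0) {                       // Check
            uint256 newBeans = uint256(deltaB);
            setSoilAbovePeg(newBeans);          // Effect: state settled first
            season += 1;                        // Effect
            rewardBeans(newBeans);              // Interaction: external call last
        }
    }

    function setSoilAbovePeg(uint256 newBeans) internal {
        soil = newBeans / 2; // placeholder formula; the real one is not in the report
    }

    function rewardBeans(uint256 amount) internal {
        sink.onReward(amount); // the external call the report flags
    }
}
```

Even with the reordering, the modifier is kept so that a future change to stepSun that reintroduces an early external call cannot be re-entered.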