DeFi, Hardhat
35,000 USDC
Submission Details
Severity: low
Invalid

Possible reentrancy in `beginBarnRaiseMigration` function

Summary

The `beginBarnRaiseMigration` function is intended to migrate the Barn Raise to a new Well. It transfers the underlying tokens held for the existing Well to the contract owner. Because the stored `balanceOfUnderlying` is updated only after the `safeTransfer` of those underlying tokens, the ordering is interaction-before-effect, which is the shape in which a reentrancy window can appear.

Vulnerability Details

The claimed attack path, step by step:

  • An attacker deploys a contract whose fallback (or token-receive hook) calls back into the Fertilizer contract's functions.

  • The attacker triggers the Barn Raise migration, so `beginBarnRaiseMigration` transfers the underlying tokens to the contract owner.

  • If the token transfer hands control to the recipient, the recipient's callback reenters the Fertilizer contract and runs additional logic while `balanceOfUnderlying` still holds its pre-transfer value.

  • The reentered call could then drain funds or manipulate contract state.

Two preconditions must hold for this path to exist. First, the transfer recipient is the contract owner, so the callback only fires if the owner address is attacker-controlled. Second, the recipient only gets control if the underlying token itself calls into the recipient during `safeTransfer`; a plain ERC-20 transfer runs no code on the recipient, so receiving ERC-20 tokens never triggers a fallback function, and only a token with receive hooks (ERC-777-style) would hand control back mid-transfer.

Impact

If the path were exploitable, a reentered call would observe the pre-transfer `balanceOfUnderlying` and could withdraw the underlying tokens more than once, with loss of funds or corrupted accounting as the result. Depending on what the reentered logic can reach, the consequences range from inconsistent state to complete contract compromise.

Tools Used

Manual Review

Recommendations

To remove the window, follow the checks-effects-interactions pattern: set `balanceOfUnderlying` to its new value before the `safeTransfer`, so every external call to a potentially untrusted contract is the last operation in the function and all internal state changes are already committed. In addition, apply a reentrancy guard to the migration entry point so that any recursive call during the operation reverts instead of observing stale state.
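The ordering fix and the guard, as an added Solidity illustration that is not Beanstalk's code: `HookToken`, `IMigrator`, `beginMigration`, `onTokensReceived` and the `Attacker` contract are assumptions for this demo. It models the one condition under which the claimed path works, a token that calls into the recipient during `transfer`; against a plain ERC-20 token the vulnerable ordering is still poor practice but this attacker never gets control.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Beanstalk code. HookToken, IMigrator, beginMigration,
// onTokensReceived and Attacker are all assumed names for this demo.

// Recipient hook in the spirit of ERC-777's tokensReceived. A plain ERC-20
// transfer never calls into the recipient, so no re-entry point exists there.
interface IHookRecipient {
    function onTokensReceived(address from, uint256 amount) external;
}

interface IMigrator {
    function beginMigration(address recipient) external;
}

// Minimal token that notifies contract recipients during transfer.
contract HookToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; } // demo only

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount; // checked math: reverts if the sender is short
        balanceOf[to] += amount;
        if (to.code.length > 0) {
            IHookRecipient(to).onTokensReceived(msg.sender, amount); // control passes to recipient
        }
        return true;
    }
}

// Vulnerable ordering: interaction (transfer) before effect (zeroing the
// tracked balance). The recipient is a parameter to keep the demo small;
// in the function discussed above it is the contract owner.
contract MigratorVulnerable is IMigrator {
    HookToken public immutable underlying;
    uint256 public balanceOfUnderlying; // tracked portion of the tokens this contract holds

    constructor(HookToken token, uint256 tracked) {
        underlying = token;
        balanceOfUnderlying = tracked;
    }

    function beginMigration(address recipient) external {
        uint256 amount = balanceOfUnderlying;
        require(amount > 0, "nothing to migrate");
        require(underlying.transfer(recipient, amount), "transfer failed"); // interaction
        balanceOfUnderlying = 0;                                           // effect, too late
    }
}

// Hardened: checks, effects, interactions, plus an inline reentrancy guard
// (the same mechanism as OpenZeppelin's ReentrancyGuard).
contract MigratorHardened is IMigrator {
    HookToken public immutable underlying;
    uint256 public balanceOfUnderlying;
    uint256 private locked = 1; // 1 = not entered, 2 = entered

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    constructor(HookToken token, uint256 tracked) {
        underlying = token;
        balanceOfUnderlying = tracked;
    }

    function beginMigration(address recipient) external nonReentrant {
        uint256 amount = balanceOfUnderlying;                               // checks
        require(amount > 0, "nothing to migrate");
        balanceOfUnderlying = 0;                                            // effects
        require(underlying.transfer(recipient, amount), "transfer failed"); // interactions
    }
}

// Malicious recipient: re-enters beginMigration from inside the token hook.
// Against MigratorVulnerable it is paid the tracked amount twice, provided the
// migrator holds at least 2x `tracked` (e.g. token.mint(address(vuln), 200)
// with tracked = 100). Against MigratorHardened the inner call reverts with
// "reentrant call", which unwinds the whole attack transaction.
contract Attacker is IHookRecipient {
    IMigrator public immutable target;
    uint256 public reentries;

    constructor(IMigrator t) { target = t; }

    function onTokensReceived(address, uint256) external {
        if (reentries < 1) { // one extra round is enough to show the double payout
            reentries++;
            target.beginMigration(address(this)); // balanceOfUnderlying is still non-zero
        }
    }

    function attack() external { target.beginMigration(address(this)); }
}
```

Deploy `HookToken`, a migrator with `tracked = 100`, mint 200 tokens to the migrator and point `Attacker` at it: against `MigratorVulnerable`, `attack()` leaves the attacker with 200 tokens and `balanceOfUnderlying` at 0; against `MigratorHardened` the same call reverts. Note that even without the guard, the hardened ordering alone makes the nested call fail the `amount > 0` check, since the balance is zeroed before the transfer; the guard makes that intent explicit and also covers any other entry point that shares the state.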

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid
