Beginner Friendly, Foundry
Severity: medium
Invalid

Potential risk of reentrancy in `MondrianWallet::execute()`

Summary

`execute()` performs an arbitrary external call: it forwards `value` and the supplied calldata `func` to whatever `dest` the caller specifies. Any external call hands control to the callee, which can call back into `MondrianWallet` before the outer `execute()` has returned. The concern raised here is that such a callback could re-enter `execute()` and move funds or alter state while the first call is still in flight.

Vulnerability Details

A reentrancy path requires the contract called by `execute()` to call back into `MondrianWallet`. Note that `execute()` is gated by `requireFromEntryPointOrOwner`, so a callback can only re-enter it if it is issued by the owner or the EntryPoint; an arbitrary `dest` that the wallet happens to call cannot satisfy that check on its own. Within the function itself no storage is written after the external call, so the hazard is limited to paths where a privileged caller is itself a contract, or where the wallet exposes other state-changing functions that can be reached during the callback. The call site in question:

```solidity
function execute(address dest, uint256 value, bytes calldata func) external requireFromEntryPointOrOwner {
    // @> external call to a caller-chosen address; control leaves the wallet here
    (bool success, bytes memory result) = dest.call{value: value}(func);
    if (!success) {
        // re-raise the callee's revert data unchanged
        assembly {
            revert(add(result, 32), mload(result))
        }
    }
}
```

Impact

Impact: Medium. Severity: Medium (as submitted).

Tools Used

Manual review

Recommendations

Apply OpenZeppelin's `ReentrancyGuard` and mark `execute()` as `nonReentrant`, so that any attempt to re-enter the function while the external call is in flight reverts. Because `execute()` already re-raises the callee's revert data verbatim, the guard's revert reason surfaces unchanged to the caller. The guard is defense in depth on top of `requireFromEntryPointOrOwner`; it does not remove the external call itself, which an account-abstraction wallet needs in order to act on behalf of its owner.
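The following is an added example, not the audited `MondrianWallet` source or the project's own tests. It shows the same `execute()` call site with `nonReentrant` added, a constructed callback target that tries to re-enter `execute()` from its `receive()`, and a Foundry test that confirms the re-entry reverts with the guard's error. It assumes the OpenZeppelin v5 import path (`utils/ReentrancyGuard.sol`) and `forge-std`; `GuardedWalletExample`, `ReenteringTarget` and the test names are hypothetical. The target is deliberately deployed as the wallet's owner so the re-entry passes the access check and only the guard stands in the way; in the real wallet an arbitrary `dest` would already be stopped by `requireFromEntryPointOrOwner`, which the second test demonstrates.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited MondrianWallet source. Assumes the OpenZeppelin v5
// import path and forge-std for the test; all contract names here are hypothetical.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {Test} from "forge-std/Test.sol";

contract GuardedWalletExample is ReentrancyGuard {
    address public immutable entryPoint;
    address public owner;

    error NotFromEntryPointOrOwner();

    modifier requireFromEntryPointOrOwner() {
        if (msg.sender != entryPoint && msg.sender != owner) {
            revert NotFromEntryPointOrOwner();
        }
        _;
    }

    constructor(address _entryPoint, address _owner) {
        entryPoint = _entryPoint;
        owner = _owner;
    }

    receive() external payable {}

    // Same call site as the finding, with nonReentrant added: a second execute()
    // while the first is still on the stack reverts with ReentrancyGuardReentrantCall().
    function execute(address dest, uint256 value, bytes calldata func)
        external
        requireFromEntryPointOrOwner
        nonReentrant
    {
        (bool success, bytes memory result) = dest.call{value: value}(func);
        if (!success) {
            // Re-raise the callee's revert data unchanged, so the guard's error
            // (or any other inner revert) reaches the caller verbatim.
            assembly {
                revert(add(result, 32), mload(result))
            }
        }
    }
}

// Constructed callback target: when it receives ETH it calls back into execute().
// In the test it is also the wallet's owner, a deliberate setup so the re-entry passes
// requireFromEntryPointOrOwner and only the reentrancy guard stands in the way.
contract ReenteringTarget {
    GuardedWalletExample public wallet;

    function setWallet(GuardedWalletExample _wallet) external {
        wallet = _wallet;
    }

    receive() external payable {
        wallet.execute(address(this), msg.value, "");
    }
}

contract GuardedWalletExampleTest is Test {
    function testReentryIntoExecuteIsBlocked() public {
        ReenteringTarget target = new ReenteringTarget();
        GuardedWalletExample wallet =
            new GuardedWalletExample(address(0xBEEF), address(target));
        target.setWallet(wallet);
        vm.deal(address(wallet), 1 ether);

        // Outer call comes from the owner (the target); its receive() re-enters.
        // The inner revert bubbles through receive() and is re-raised by the outer execute().
        vm.prank(address(target));
        vm.expectRevert(ReentrancyGuard.ReentrancyGuardReentrantCall.selector);
        wallet.execute(address(target), 1 ether, "");
    }

    function testUnprivilegedCallerIsRejected() public {
        GuardedWalletExample wallet =
            new GuardedWalletExample(address(0xBEEF), address(0xCAFE));

        // An arbitrary address never reaches the external call at all.
        vm.prank(address(0xDEAD));
        vm.expectRevert(GuardedWalletExample.NotFromEntryPointOrOwner.selector);
        wallet.execute(address(0xCAFE), 0, "");
    }
}
```

Run with `forge test` in a project that has `@openzeppelin/contracts` and `forge-std` installed. The first test passes only because the guard is present: without `nonReentrant`, the inner `execute()` would succeed at the access check and proceed to make a nested call. Modifier order matters as well; `requireFromEntryPointOrOwner` runs before `nonReentrant`, so an unprivileged re-entry is reported as an access failure rather than a guard failure.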

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
