DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: medium
Invalid

Potential Reentrancy in initializeDiamondCut

Summary

The initializeDiamondCut function in the LibDiamond library uses delegatecall to execute initialization code on a target contract (_init). This introduces a potential reentrancy vulnerability if the target contract is malicious, allowing it to reenter the diamond during initialization.

Vulnerability Details

  • The initializeDiamondCut function is an internal function within LibDiamond, making it accessible to any contract inheriting from the library.

  • The function utilizes delegatecall to execute the initialization code specified in the _calldata on the _init contract.

  • If the _init contract is malicious, it could reenter the diamond contract during the execution of delegatecall, potentially manipulating the diamond's state before it is fully initialized.

Impact

A successful exploitation of this reentrancy vulnerability could lead to:

  • Incorrect State Variables: The attacker could manipulate the diamond's state variables before they are finalized, leading to unexpected and potentially harmful behavior.

  • Unauthorized Access: The attacker could gain unauthorized access to sensitive functions or data within the diamond contract.

  • Denial of Service: The diamond contract could be rendered unusable due to the corrupted state.

Tools Used

Manual Code Review

Recommendations

Reentrancy Guard: Implement a reentrancy guard pattern in the initializeDiamondCut function. A simple boolean flag can be used to prevent the function from being called recursively during its execution.

    function initializeDiamondCut(address _init, bytes memory _calldata) internal {
        // ... (existing code)

        // Reentrancy guard. `initializing` is assumed to be a boolean flag
        // declared in the diamond's storage; it is not defined in this snippet.
        require(!initializing, "ReentrancyGuard: reentrant call");
        initializing = true;

        // ... (delegatecall execution)

        initializing = false; // Reset the flag after execution
    }

Careful Review of _init Contracts: Thoroughly audit any contract passed as the _init argument to ensure it does not contain any malicious code or reentrancy vulnerabilities.
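
One way to write the guard recommended above with the flag in its own storage slot, as an added example that is not part of the submission or the audited code base; the library name, slot string, function name and error names are hypothetical. Because the _init code runs via delegatecall in the diamond's own storage context, the flag only blocks re-entry into the guarded path and does not constrain what _init itself writes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: GuardedInit, GUARD_SLOT and guardedInitialize are hypothetical names.
library GuardedInit {
    // Dedicated slot, so the flag cannot collide with facet or diamond storage layouts.
    bytes32 private constant GUARD_SLOT = keccak256("example.guardedinit.initializing");

    error ReentrantInit();
    error InitHasNoCode(address init);
    error InitReverted();

    function _initializing() private view returns (bool flag) {
        bytes32 slot = GUARD_SLOT;
        assembly { flag := sload(slot) }
    }

    function _setInitializing(bool flag) private {
        bytes32 slot = GUARD_SLOT;
        assembly { sstore(slot, flag) }
    }

    function guardedInitialize(address _init, bytes memory _calldata) internal {
        if (_init == address(0)) return;                  // nothing to run
        if (_init.code.length == 0) revert InitHasNoCode(_init);
        if (_initializing()) revert ReentrantInit();      // called again while init is running

        _setInitializing(true);
        (bool ok, bytes memory err) = _init.delegatecall(_calldata);
        if (!ok) {
            // Bubble up the init contract's revert data; the whole call,
            // including the flag write above, is rolled back.
            if (err.length == 0) revert InitReverted();
            assembly { revert(add(err, 0x20), mload(err)) }
        }
        _setInitializing(false);
    }
}
```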

Updates

Lead Judging Commences
inallhonesty (Lead Judge), 12 months ago

Submission Judgement Published
inallhonesty (Lead Judge), 11 months ago
Invalidated
Reason: Incorrect statement
