Vulnerability Details
Vulnerability: Reentrancy in transferFrom and transfer Functions
Location: The vulnerability exists in the deposit, withdraw, swapExactInput, and swapExactOutput functions, where tokens are transferred using transferFrom and transfer.
Description: If an ERC-777 token or another reentrant token is used with this contract, the transferFrom or transfer functions could invoke a callback function on the token contract, allowing reentrant calls. This reentrancy can be exploited to manipulate the contract's state and drain the liquidity pool.
An attacker could exploit this vulnerability to drain the liquidity pool, leading to significant financial losses. By reentering the contract's functions during token transfers, the attacker could manipulate the pool's reserves and extract more tokens than they deposited, effectively stealing funds from the pool.
Code Review
Implement Reentrancy Guards: Use OpenZeppelin's ReentrancyGuard contract to protect against reentrancy attacks. Apply the nonReentrant modifier to all functions that perform token transfers.
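The recommendation above, as an added sketch that is not the audited contract's code: a hypothetical single-token pool (`GuardedPoolSketch`, `credited`, and both function signatures are assumptions) that puts `nonReentrant` on every function that moves tokens and updates state before the outbound transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin Contracts v5 import paths (in v4.x ReentrancyGuard is under security/).
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// @notice Hypothetical single-token pool used only to illustrate the guard;
///         names and accounting are assumptions, not the audited contract.
contract GuardedPoolSketch is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public credited;

    constructor(IERC20 token_) {
        token = token_;
    }

    /// Every externally callable function that moves tokens shares the one lock,
    /// so a callback fired during deposit cannot enter withdraw (or vice versa).
    function deposit(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");
        uint256 balanceBefore = token.balanceOf(address(this));
        // An ERC-777 token calls the sender's tokensToSend hook inside this
        // transfer; any nested call into a nonReentrant function reverts.
        token.safeTransferFrom(msg.sender, address(this), amount);
        // Credit what actually arrived rather than the requested amount.
        credited[msg.sender] += token.balanceOf(address(this)) - balanceBefore;
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(amount > 0 && amount <= credited[msg.sender], "bad amount");
        // Checks-effects-interactions: update state before the external call,
        // so the recipient's tokensReceived hook observes final accounting.
        credited[msg.sender] -= amount;
        token.safeTransfer(msg.sender, amount);
    }
}
```

The same modifier would go on `swapExactInput` and `swapExactOutput`; leaving any one transfer path unguarded keeps a cross-function entry point open.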