Findings report for the reentrancy issue in the RegistryAdapter._configureRegistry function in RegistryAdapter.sol.
The _configureRegistry function in RegistryAdapter.sol is flagged for reentrancy because it makes an external call, newRegistry.trustAttesters(threshold, attesters), and only afterwards emits the ERC7484RegistryConfigured(newRegistry) event. Whatever contract sits at newRegistry executes its own code inside that call, before the adapter has finished this invocation.
External Call: The function calls trustAttesters on newRegistry. newRegistry is a caller-supplied address, so this call hands control to arbitrary code, which can alter the state of newRegistry and call back into the adapter.
Event Emitted: ERC7484RegistryConfigured is emitted only after that external call returns, so the event can describe a state that a re-entrant call has already changed, and a nested invocation can log its own ERC7484RegistryConfigured before the outer one.
Severity: Low
Confidence: Medium
If the code behind trustAttesters re-enters the adapter (through any external entry point that reaches _configureRegistry) before the outer call completes, the adapter's configuration can be changed out from under the outer call, and the ERC7484RegistryConfigured events will be logged in an order that does not match the order in which the registry was actually set. Events do not alter storage, so the concrete impact is misleading event logs for off-chain consumers and the possibility of unintended state changes during the outer call; this is why the severity is rated Low.
Tools used: Manual code review
To mitigate the reentrancy vulnerability in RegistryAdapter._configureRegistry:
Checks-Effects-Interactions:
Reorder _configureRegistry so that all checks and storage writes happen first and the external call newRegistry.trustAttesters(threshold, attesters) is the last statement. Where the adapter's public entry points can be re-entered, add a reentrancy guard (for example a nonReentrant modifier) on top of the reordering; the pattern and the guard are complementary, not the same thing.
Event Handling Best Practices:
Emit ERC7484RegistryConfigured immediately after the storage write and before the external call, so the event log records the final state of this invocation and cannot be interleaved with logs from a nested call.
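The following Solidity is an added illustration and is not the audited RegistryAdapter code. It shows the call ordering the finding describes beside the hardened ordering, plus a constructed registry contract that re-enters the adapter from inside trustAttesters. The public setRegistry entry point, the `registry` storage variable, the IAdapter interface and the trustAttesters(uint8, address[]) signature are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed ERC-7484 registry surface; only trustAttesters is needed here.
interface IERC7484 {
    function trustAttesters(uint8 threshold, address[] calldata attesters) external;
}

// Assumed public entry point that reaches _configureRegistry.
interface IAdapter {
    function setRegistry(IERC7484 newRegistry, uint8 threshold, address[] calldata attesters) external;
}

// Ordering as described in the finding: interaction, then effect, then event.
contract VulnerableRegistryAdapter is IAdapter {
    event ERC7484RegistryConfigured(IERC7484 indexed registry);

    IERC7484 public registry; // assumed storage slot for the configured registry

    function setRegistry(IERC7484 newRegistry, uint8 threshold, address[] calldata attesters) external {
        _configureRegistry(newRegistry, threshold, attesters);
    }

    function _configureRegistry(IERC7484 newRegistry, uint8 threshold, address[] calldata attesters) internal {
        // Whatever code lives at newRegistry runs here, while `registry` still
        // holds the previous value and before this call's event has been logged.
        newRegistry.trustAttesters(threshold, attesters); // interaction
        registry = newRegistry;                            // effect
        emit ERC7484RegistryConfigured(newRegistry);       // event
    }
}

// Same function with Checks-Effects-Interactions plus a reentrancy guard.
contract HardenedRegistryAdapter is IAdapter {
    event ERC7484RegistryConfigured(IERC7484 indexed registry);

    IERC7484 public registry;
    uint256 private _lock = 1; // 1 = free, 2 = entered

    modifier nonReentrant() {
        require(_lock == 1, "reentrant call");
        _lock = 2;
        _;
        _lock = 1;
    }

    function setRegistry(IERC7484 newRegistry, uint8 threshold, address[] calldata attesters)
        external
        nonReentrant
    {
        _configureRegistry(newRegistry, threshold, attesters);
    }

    function _configureRegistry(IERC7484 newRegistry, uint8 threshold, address[] calldata attesters) internal {
        require(address(newRegistry) != address(0), "zero registry"); // check
        registry = newRegistry;                                        // effect
        emit ERC7484RegistryConfigured(newRegistry);                   // log the final state
        newRegistry.trustAttesters(threshold, attesters);              // interaction last
    }
}

// Constructed attacker registry: re-enters the adapter from inside trustAttesters.
// Against VulnerableRegistryAdapter the nested setRegistry succeeds and its
// ERC7484RegistryConfigured log lands before the outer call's log. Against
// HardenedRegistryAdapter the nested call hits the guard, reverts with
// "reentrant call", and takes the whole outer transaction down with it.
contract ReenteringRegistry is IERC7484 {
    IAdapter public immutable target;
    bool private entered;

    constructor(IAdapter target_) {
        target = target_;
    }

    function trustAttesters(uint8, address[] calldata) external override {
        if (!entered) {
            entered = true; // one level of re-entry is enough to show the interleaving
            address[] memory none;
            target.setRegistry(IERC7484(address(this)), 0, none);
        }
    }
}
```

To reproduce, deploy an adapter, deploy ReenteringRegistry pointed at it, and call setRegistry(attacker, 0, []) on the adapter. On the vulnerable adapter the transaction succeeds and the receipt carries two ERC7484RegistryConfigured logs, the nested one first; on the hardened adapter the same call reverts, which is the behaviour a caller-controlled registry address should get. Note that Checks-Effects-Interactions alone already fixes the log ordering; the guard additionally blocks the nested call outright.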