DeFiFoundry
60,000 USDC
Submission Details
Severity: high
Invalid

Using delegatecall in a loop in TradingAccountBranch.sol

Summary

A vulnerability has been identified in the TradingAccountBranch.sol contract, specifically in the use of delegatecall within a loop. The issue pertains to multiple accreditations of msg.value when invoking delegatecall. This was found at line 300 in the file src/perpetuals/branches/TradingAccountBranch.sol.

Vulnerability Details

The identified vulnerability involves the repeated calling of delegatecall in a loop. The line in question is as follows:

(bool success, bytes memory result) = address(this).delegatecall(dataWithAccountId);

When delegatecall is used, it allows the msg.value to be accredited, and this value might be accredited multiple times if caught in a loop without proper control mechanisms. This can lead to incorrect accounting and potential security implications due to unintended multiple accreditations.

Impact

The primary impact of this vulnerability is financial inaccuracies in the contract due to the multiple accreditations of msg.value. This could result in:

  • Over-accreditation of funds.

  • Potential exploit for financial gain by re-triggering the delegatecall.

  • Malfunctioning of contractual agreements, disrupting the trust and integrity of the trading system.

Tools Used

Manual review

Recommendations

To mitigate the identified issue, it is recommended to:

  • Avoid delegatecall in loops: Refrain from using delegatecall within a loop unless absolutely necessary, and ensure all edge cases are adequately handled.

  • Validate msg.value appropriately: Implement checks to ensure msg.value is only accredited once per intended transaction.

  • Use reentrancy guards: Employ reentrancy guards (e.g., OpenZeppelin ReentrancyGuard) to prevent reentrant calls that could exploit the loop.
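The msg.value behaviour this report refers to, shown as an added Solidity illustration that is not code from TradingAccountBranch.sol or from this submission. The contracts SelfBatch, NaiveBatch and BudgetedBatch, the credited mapping and the deposit functions are hypothetical, and the budget check is one possible form of the "accredited once" recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration with hypothetical contracts; not code from TradingAccountBranch.sol.
abstract contract SelfBatch {
    mapping(address => uint256) public credited;

    // delegatecall executes in this contract's context and keeps the outer
    // msg.sender and msg.value, so every iteration observes the same msg.value.
    function _run(bytes[] calldata calls) internal {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "batched call failed");
        }
    }
}

// Weak form: deposit() trusts msg.value, so a batch of N deposit() calls
// records N * msg.value while the ETH arrived only once.
contract NaiveBatch is SelfBatch {
    function batch(bytes[] calldata calls) external payable { _run(calls); }
    function deposit() external payable {
        credited[msg.sender] += msg.value;
    }
}

// Hardened form: msg.value becomes a per-transaction budget that each
// deposit draws down, so the total credited cannot exceed what was sent.
contract BudgetedBatch is SelfBatch {
    uint256 private budget; // unspent msg.value of the running batch
    bool private inBatch;   // true only while batch() is executing

    function batch(bytes[] calldata calls) external payable {
        require(!inBatch, "nested batch");
        (inBatch, budget) = (true, msg.value);
        _run(calls);
        require(budget == 0, "unallocated msg.value");
        inBatch = false;
    }

    function deposit(uint256 amount) external payable {
        if (inBatch) {
            require(amount <= budget, "exceeds msg.value");
            budget -= amount;
        } else {
            require(amount == msg.value, "amount != msg.value");
        }
        credited[msg.sender] += amount;
    }
}
```

Whether a given loop is affected depends on whether the looping function is payable and whether any function reachable through it reads msg.value.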

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
