https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuctionFactory.sol
The createAuction() function interacts with an external ERC20 contract via transferFrom(), which introduces the risk of reentrancy. Because the auction token is an arbitrary contract, control passes to it during the transfer; if the token has non-standard functionality (for example a transfer hook) or interacts with other contracts, an attacker controlling that token could use the callback to re-enter createAuction() and manipulate the factory's state before the first call has completed.
The contract transfers the auction tokens with an external transferFrom() call and applies no reentrancy protection. If the token contract has vulnerabilities or implements custom logic in transferFrom(), it can call createAuction() again while the original invocation is still executing, so the function can run multiple times within a single transaction. This requires a token that hands control back to the caller: a standard ERC20 without hooks does not, so the exposure is to hook-bearing or deliberately malicious tokens, and the re-entering call must also satisfy whatever access control createAuction() enforces.
A successful reentrancy attack could lead to the creation of multiple unintended auctions or result in the theft of tokens. This could cause significant financial loss or disrupt the auction process.
Manual Review
Implement reentrancy protection by inheriting OpenZeppelin's ReentrancyGuard and applying the nonReentrant modifier to the createAuction() function.
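As an added example (not Fjord's code and not part of this submission), the pattern described above and the recommended fix side by side: a hypothetical factory whose createAuction() calls transferFrom() on a caller-supplied token, the same factory guarded with nonReentrant, a constructed token whose transferFrom() re-enters the factory once, and a Foundry test showing one call producing two auctions on the unguarded version and a revert on the guarded one. The contract names (UnguardedFactory, GuardedFactory, ToyAuction, ReentrantToken, ReentrancyTest), the simplified createAuction() signature, and the OpenZeppelin v5 and forge-std import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Fjord's code. Assumes OpenZeppelin v5 and forge-std
// are installed at the import paths below.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {Test} from "forge-std/Test.sol";

/// Hypothetical factory interface shared by the guarded and unguarded variants.
interface IAuctionFactory {
    event AuctionCreated(address auction);

    function createAuction(address auctionToken, uint256 totalTokens) external;
}

/// Hypothetical stand-in for the auction contract so the factories can deploy something.
contract ToyAuction {
    address public immutable auctionToken;
    uint256 public immutable totalTokens;

    constructor(address auctionToken_, uint256 totalTokens_) {
        auctionToken = auctionToken_;
        totalTokens = totalTokens_;
    }
}

/// Hypothetical factory with the shape the finding describes: an external
/// transferFrom() on a caller-supplied token and no reentrancy protection.
contract UnguardedFactory is IAuctionFactory {
    uint256 public auctionCount;

    function createAuction(address auctionToken, uint256 totalTokens) external {
        address auction = address(new ToyAuction(auctionToken, totalTokens));
        auctionCount += 1;
        // Control passes to the token here; a hook-bearing token can call back in.
        IERC20(auctionToken).transferFrom(msg.sender, auction, totalTokens);
        emit AuctionCreated(auction);
    }
}

/// Same logic with the recommended fix: nonReentrant makes any nested
/// createAuction() call issued from inside transferFrom() revert.
contract GuardedFactory is IAuctionFactory, ReentrancyGuard {
    uint256 public auctionCount;

    function createAuction(address auctionToken, uint256 totalTokens) external nonReentrant {
        address auction = address(new ToyAuction(auctionToken, totalTokens));
        auctionCount += 1;
        IERC20(auctionToken).transferFrom(msg.sender, auction, totalTokens);
        emit AuctionCreated(auction);
    }
}

/// Constructed malicious token: its transferFrom() re-enters the calling
/// factory once, standing in for a transfer hook or custom token logic.
contract ReentrantToken {
    bool private entered;

    function transferFrom(address, address, uint256 amount) external returns (bool) {
        if (!entered) {
            entered = true;
            // msg.sender is the factory whose createAuction() is still executing.
            IAuctionFactory(msg.sender).createAuction(address(this), amount);
        }
        return true;
    }
}

/// Foundry test: one call creates two auctions on the unguarded factory,
/// while the guarded factory reverts the whole transaction.
contract ReentrancyTest is Test {
    function test_unguardedFactoryIsReentered() public {
        UnguardedFactory factory = new UnguardedFactory();
        ReentrantToken token = new ReentrantToken();
        factory.createAuction(address(token), 1e18);
        // Two ToyAuction deployments and two AuctionCreated events from a single call.
        assertEq(factory.auctionCount(), 2);
    }

    function test_guardedFactoryReverts() public {
        GuardedFactory factory = new GuardedFactory();
        ReentrantToken token = new ReentrantToken();
        // The nested call fails the guard and the revert bubbles up through the token.
        vm.expectRevert(ReentrancyGuard.ReentrancyGuardReentrantCall.selector);
        factory.createAuction(address(token), 1e18);
    }
}
```

Run with forge test. The first test is the state manipulation the finding describes (a second auction created inside the first call); the second shows that the guard closes the path regardless of what the token does. Whether a real re-entry reaches a second auction also depends on the re-entering token passing createAuction()'s access checks, which is why the guard is the simpler defence than reasoning about every token's behaviour.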