DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Reentrancy vulnerabilities in FjordAuctionFactory::createAuction

Summary

A potential reentrancy vulnerability has been identified in the AuctionFactory.createAuction function. The issue arises from the ordering of the external call and the event emission: the transferFrom call, which hands control to an external ERC-20 token contract, is made before the AuctionCreated event is emitted. Under certain conditions this ordering may be exploited to reenter the contract.

Vulnerability Details

The createAuction function invokes IERC20(auctionToken).transferFrom, which calls into an external ERC-20 token contract. If that token contract is malicious or poorly implemented, the call can trigger reentrant calls back into the factory, potentially leading to unexpected behaviour or security risks.

External call in the createAuction function:

IERC20(auctionToken).transferFrom(msg.sender, auctionAddress, totalTokens);

Event emission occurs after the call:

emit AuctionCreated(auctionAddress);

Impact

  • Reentrancy attacks: A malicious ERC-20 token contract could use the reentrant call to execute additional interactions back into the createAuction function or other vulnerable functions, potentially leading to unauthorized auctions or manipulation of contract state.

  • State corruption: Reentrancy might cause unintended state corruption if the function involves multiple state variables or complex logic, endangering the overall integrity and predictability of the contract.

Tools Used

Manual code review

Recommendations

  1. Reorder operations: To mitigate the reentrancy risk, the order of operations should be adjusted to follow the "Checks-Effects-Interactions" pattern. Event emission should occur before the external call:

    function createAuction(
        address auctionToken,
        uint256 biddingTime,
        uint256 totalTokens,
        bytes32 salt
    )
        external
        onlyOwner
    {
        address auctionAddress = address(
            new FjordAuction{ salt: salt }(fjordPoints, auctionToken, biddingTime, totalTokens)
        );
        emit AuctionCreated(auctionAddress);
        IERC20(auctionToken).transferFrom(msg.sender, auctionAddress, totalTokens);
    }

    Additional safeguards:

    • Reentrancy guard: Use OpenZeppelin's ReentrancyGuard to add an additional layer of protection against reentrancy.
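The following contract is an added example, not code from the Fjord code base or from this submission, that combines both recommendations above: the reordered sequence (deploy, emit, then transfer) and OpenZeppelin's ReentrancyGuard on createAuction. It also uses SafeERC20 so that a token returning false or nothing reverts, and adds a post-transfer balance check. The FjordAuction stub, the owner handling and the error names are assumptions made for the example; the OpenZeppelin import paths assume Contracts v5 (in v4, ReentrancyGuard lives under security/).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; assumes OpenZeppelin Contracts v5 import paths.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// @dev Stand-in for FjordAuction (assumption: only the constructor
/// signature used by the factory is reproduced; the real contract does more).
contract FjordAuction {
    address public immutable fjordPoints;
    address public immutable auctionToken;
    uint256 public immutable biddingTime;
    uint256 public immutable totalTokens;

    constructor(address _fjordPoints, address _auctionToken, uint256 _biddingTime, uint256 _totalTokens) {
        fjordPoints = _fjordPoints;
        auctionToken = _auctionToken;
        biddingTime = _biddingTime;
        totalTokens = _totalTokens;
    }
}

contract AuctionFactory is ReentrancyGuard {
    using SafeERC20 for IERC20;

    address public immutable owner;       // assumption: deployer is the owner
    address public immutable fjordPoints;

    event AuctionCreated(address indexed auctionAddress);

    error NotOwner();
    error ZeroAmount();
    error InsufficientDeposit(uint256 expected, uint256 actual);

    constructor(address _fjordPoints) {
        owner = msg.sender;
        fjordPoints = _fjordPoints;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Checks (owner, amount) -> Effects (deployment, event) -> Interaction (token pull).
    /// nonReentrant makes any callback from the token back into this function revert.
    function createAuction(
        address auctionToken,
        uint256 biddingTime,
        uint256 totalTokens,
        bytes32 salt
    ) external onlyOwner nonReentrant returns (address auctionAddress) {
        if (totalTokens == 0) revert ZeroAmount();

        auctionAddress = address(
            new FjordAuction{salt: salt}(fjordPoints, auctionToken, biddingTime, totalTokens)
        );
        emit AuctionCreated(auctionAddress);

        // Interaction last. safeTransferFrom reverts on a false or missing return value.
        IERC20(auctionToken).safeTransferFrom(msg.sender, auctionAddress, totalTokens);

        // Added check: the auction must hold the amount it was constructed with.
        uint256 held = IERC20(auctionToken).balanceOf(auctionAddress);
        if (held < totalTokens) revert InsufficientDeposit(totalTokens, held);
    }
}
```

With nonReentrant in place, a token contract that calls back into createAuction during the transfer hits the guard and the whole transaction reverts, independent of where the event is emitted; the balance check additionally rejects tokens that do not deliver the full amount to the new auction.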

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
