The PreMarkets contract is vulnerable to reentrancy attacks due to the lack of reentrancy guards in the `createOffer` and `closeOffer` functions. An attacker can exploit this by recursively calling the vulnerable functions, causing inconsistent contract state and potential financial loss.
The vulnerability lies in the `createOffer` and `closeOffer` functions, which transfer tokens before updating the contract state. Specifically, the external call to `tokenManager.tillIn` can be exploited by a malicious contract to reenter the `createOffer` function before the state variables are updated.
An attacker can exploit this vulnerability to:

- Reenter the `createOffer` function, creating multiple offers without the expected constraints.
- Drain funds from the contract or cause financial loss to other users by manipulating the contract state.
Tools Used: Manual

1. Implement Reentrancy Guard: Add the `nonReentrant` modifier to the `createOffer` and `closeOffer` functions to prevent reentrancy attacks.
2. Reorder State Updates and External Calls: Ensure that all state updates occur before any external calls to mitigate the risk of reentrancy.
Before Changes :
After Changes:
Adding the `nonReentrant` Modifier:

- Before: The `createOffer` function did not have any protection against reentrancy.
- After: Adding the `nonReentrant` modifier ensures that the function cannot be called recursively, preventing reentrancy attacks.

Reordering State Updates and External Calls:

- Before: The state variables (like `offerId`, `makerInfoMap`, `offerInfoMap`, and `stockInfoMap`) were updated after the external call to `tokenManager.tillIn`.
- After: The state variables are updated before the external call to `tokenManager.tillIn`.
Reentrancy Attack: Without the `nonReentrant` modifier, an attacker can exploit the external call within the `createOffer` function to reenter the function before the state updates are finalized. This reentrancy can allow the attacker to manipulate the state or drain funds.

Impact on Funds: The attacker can:

- Drain Funds: Reenter the `createOffer` function multiple times, causing the contract to think multiple offers are being created and draining more funds than intended.
- Manipulate State: Reenter the `createOffer` function and create multiple offers or close offers in a way that benefits them, leading to financial loss for other users.
Invalid, all [vague generalities](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#vague-generalities) talking about possible reentrancies and afaik, reentrancy is not possible and not proven.