Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

Reentrancy Vulnerability in createOffer and createTaker Functions

Summary

The functions involve multiple external calls (e.g. token transfers) without proper reentrancy protection, which could be exploited.

Vulnerability Details

An attacker could re-enter the function via callbacks, manipulating state variables like offerId, makerInfoMap, offerInfoMap, and stockInfoMap.

Impact

An attacker could exploit these external calls to re-enter the contracts and manipulate its state.

Tools Used

Manual review

CODE SNIPPET

```solidity
function createOffer(CreateOfferParams calldata params) external payable {
function createTaker(address _offer, uint256 _points) external payable {
```

Recommendations

Use a reentrancy guard modifier to prevent reentrancy attacks.

```solidity
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract PreMarkets is ReentrancyGuard {
    // Apply the nonReentrant modifier to vulnerable functions
    function createOffer(CreateOfferParams calldata params) external payable nonReentrant {...}

    function createTaker(address _offer, uint256 _points) external payable nonReentrant {...}
}
```

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

[invalid] finding-PreMarkets-reentrancy

Invalid, all [vague generalities](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#vague-generalities) talking about possible reentrancies and afaik, reentrancy is not possible and not proven.
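
For reference, the guard pattern recommended in the submission, written out as an added example (not code from the submission, the judge, or Tadle's PreMarkets). `MiniMarket`, `IERC20Like`, and the two mappings are hypothetical stand-ins; the point is that one status flag covers every guarded function, and that state is finalized before the token call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token interface, used only for this illustration.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract; it does not reproduce PreMarkets logic.
contract MiniMarket {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    uint256 public offerId;
    mapping(uint256 => address) public offerMaker;
    mapping(uint256 => uint256) public offerCollateral;

    // Same mechanism as OpenZeppelin's nonReentrant: a single flag shared by
    // all guarded functions, so a callback made during createOffer cannot
    // enter createTaker either (cross-function reentrancy is blocked too).
    modifier nonReentrant() {
        require(status == NOT_ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function createOffer(IERC20Like token, uint256 amount) external nonReentrant returns (uint256 id) {
        require(amount > 0, "zero amount");          // checks
        id = offerId++;                              // effects: state is final
        offerMaker[id] = msg.sender;                 // before any external call
        offerCollateral[id] = amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed"); // interaction
    }

    function createTaker(IERC20Like token, uint256 id, uint256 amount) external nonReentrant {
        require(offerMaker[id] != address(0), "no offer"); // checks
        offerCollateral[id] += amount;                     // effects
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed"); // interaction
    }
}
```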
