https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/MembershipFactory.sol#L176
When a contract call is made via callExternalContract, the target contract's code runs with essentially all of the remaining gas (a low-level call forwards all but 1/64 of it under EIP-150), so it has ample budget to call back into the MembershipFactory contract before the original call returns. This is a reentrancy condition: the external contract re-enters MembershipFactory while the initial call is still executing.
In this code, the function callExternalContract makes a low-level call to the supplied contractAddress using the call method. A low-level call forwards all available gas to the target, so the target can re-enter MembershipFactory by invoking any of its externally callable functions during its own execution.
This leaves the MembershipFactory contract exposed to reentrancy attacks. Since nothing in the function blocks a nested call back into the contract, an attacker who controls contractAddress could invoke MembershipFactory recursively from inside the external call and produce state transitions the contract's logic does not anticipate.
If the attacker is able to manipulate state such as membership tiers or role assignments during the reentrant call, they could bypass the logic that governs permissions and cause significant disruption to the system. Whether this is exploitable in practice depends on which MembershipFactory functions are reachable from a nested call and on who is permitted to invoke callExternalContract; this finding identifies the pattern rather than a concrete exploit path.
Tools used: manual review.
Apply a reentrancy guard (e.g., OpenZeppelin's ReentrancyGuard with the nonReentrant modifier) to callExternalContract and to every other function whose state a re-entering callee could change. All of these functions must share the same lock; guarding the external call alone leaves the other entry points open. Follow the checks-effects-interactions pattern so state is finalised before the external call is made, and restrict callExternalContract to trusted callers. Do not rely on capping the gas forwarded to the callee as a mitigation: opcode prices change over time, and an attacker-controlled callee can re-enter cheaply regardless.
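To make the pattern and the recommended fix concrete, the following Solidity contracts are an added example written for this page; they are not code from the One World repository or from the finding's author. VulnerableFactory, GuardedFactory, Reenterer, Demo and the setTier function are hypothetical names, the import path assumes OpenZeppelin Contracts v5, and the contracts are deliberately reduced to the call path under discussion.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5, where ReentrancyGuard lives under utils/.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Minimal interface shared by the vulnerable and guarded factories below (hypothetical).
interface IFactory {
    function callExternalContract(address contractAddress, bytes calldata data)
        external
        returns (bytes memory);
}

/// Hypothetical stand-in for the unguarded pattern. Not the audited MembershipFactory.
contract VulnerableFactory is IFactory {
    mapping(address => uint256) public tierOf;

    // A low-level call forwards all remaining gas except 1/64 (EIP-150), so the
    // callee has plenty of budget to call back into this contract.
    function callExternalContract(address contractAddress, bytes calldata data)
        external
        returns (bytes memory)
    {
        (bool ok, bytes memory ret) = contractAddress.call(data);
        require(ok, "external call failed");
        return ret;
    }

    // Any externally callable state change is reachable from a nested call.
    function setTier(address member, uint256 tier) external {
        tierOf[member] = tier;
    }
}

/// Hypothetical callee that re-enters the factory while the outer call is still executing.
contract Reenterer {
    IFactory public immutable factory;
    uint256 public depth;

    constructor(IFactory f) {
        factory = f;
    }

    // Reached via factory.callExternalContract(address(this), abi.encodeCall(this.ping, ())).
    // Each level re-enters the factory once more, up to a fixed depth.
    function ping() external {
        if (depth < 2) {
            depth += 1;
            factory.callExternalContract(address(this), abi.encodeCall(this.ping, ()));
        }
    }
}

/// Hardened variant: nonReentrant on every state-touching entry point, sharing one lock.
contract GuardedFactory is IFactory, ReentrancyGuard {
    mapping(address => uint256) public tierOf;

    function callExternalContract(address contractAddress, bytes calldata data)
        external
        nonReentrant
        returns (bytes memory)
    {
        (bool ok, bytes memory ret) = contractAddress.call(data);
        require(ok, "external call failed");
        return ret;
    }

    // Same lock as callExternalContract: a callee re-entering here reverts too.
    function setTier(address member, uint256 tier) external nonReentrant {
        tierOf[member] = tier;
    }
}

/// Hypothetical driver. Against VulnerableFactory, run() returns 2: the callee
/// re-entered twice before the outer call completed. Against GuardedFactory the
/// nested call reverts with ReentrancyGuardReentrantCall(), the revert bubbles out
/// of ping(), the outer low-level call reports failure, and run() reverts as a whole.
contract Demo {
    function run(IFactory factory) external returns (uint256 reachedDepth) {
        Reenterer r = new Reenterer(factory);
        factory.callExternalContract(address(r), abi.encodeCall(r.ping, ()));
        return r.depth();
    }
}
```

The guarded version places nonReentrant on setTier as well as on callExternalContract because OpenZeppelin's guard is a single per-contract lock: only functions that carry the modifier are protected, so an unguarded setTier would still be reachable from inside the external call even after callExternalContract itself is guarded.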