Potential Exploitation via Reentrancy Attack in External Calls within claimAndSwap
Function
The claimAndSwap
function, present in all three strategy contracts, is critically vulnerable to reentrancy attacks. Since it interacts with external components like the transmuter and router, malicious actors could exploit this vulnerability to reenter the contract and drain protocol funds, leading to significant exploitation risks.
Here's the implementation of claimAndSwap
function in StrategyOp contract:
And here's how _swapUnderlyingToAsset
function interacts with router:
The claimAndSwap
function involves multiple external calls, making it susceptible to reentrancy attacks. This vulnerability allows attackers to repeatedly call the function, potentially draining funds, corrupting balances, or leaving critical contract variables in an inconsistent state. It can further deminify financial losses and disrupt user trust in the protocol.
Additionally, this reentrancy vulnerability exists in couple other functions like _deployFunds
and _freeFunds
.
The vulnerability in the claimAndSwap function could lead to fund theft, state inconsistencies, and significant financial and reputational damage to the protocol if exploited.
Manual Review
Add nonReentrant
modifier to these external functions to prevent any possible reentrancy attacks.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.