Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Reentrancy in `PerpetualVault.sol::_cancelFlow()`

glitchunter

Summary

PerpetualVault.sol::_cancelFlow()
The _cancelFlow() function in PerpetualVault.sol performs external token transfers before updating the state. This creates a reentrancy vulnerability that attackers could exploit to withdraw funds multiple times.

Vulnerability Details

collateralToken.safeTransfer(depositInfo[depositId].owner, depositInfo[depositId].amount);
delete depositInfo[depositId];

safeTransfer() is called before delete depositInfo[depositId], allowing an attacker to reenter the contract and manipulate depositInfo before deletion.

Impact

  • POC

contract ReentrancyAttacker {
PerpetualVault vault;
constructor(address _vault) {
vault = PerpetualVault(_vault);
}
function attack(uint256 depositId) external {
vault.cancelFlow(depositId);
// Reenter before state updates, causing multiple withdrawals
}
}

The attacker could call cancelFlow() repeatedly before state variables are updated, draining the vault.

  • Fund Theft: Attackers can withdraw more than they are entitled to.

  • Denial of Service: Reentrancy attacks could lock the contract and prevent legitimate withdrawals.

Tools Used

Manual Review

Recommendations

  • Use Reentrancy Guard (nonReentrant)

  • Apply Checks-Effects-Interactions Pattern

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!