Core Contracts

Summary

The StabilityPool contract inherits OpenZeppelin’s ReentrancyGuard but does not properly initialize it in the constructor. As a result, the reentrancy protection mechanism remains inactive, exposing the contract to potential reentrancy attacks on functions handling external calls.

Vulnerability Details

• Issue:

  • The contract inherits ReentrancyGuard, but it does not invoke _initialize in the constructor or initialization function. This omission leaves the contract’s anti-reentrancy mechanisms disabled, potentially allowing attackers to exploit vulnerable functions.

• Root Cause:

  • The missing initialization of ReentrancyGuard prevents it from properly enforcing its protection.

• Affected Code:

  • The constructor or initialization function should include the following missing initialization:

    __ReentrancyGuard_init();

    ​

Impact

• Reentrancy Attack Risk:
  Without proper initialization, functions that should be protected by nonReentrant remain unguarded, potentially allowing attackers to repeatedly call them before state changes finalize.

• Potential Financial Exploits:
  If an attacker can manipulate contract balances before an update occurs, they may drain funds or create unexpected behavior in the system.

Recommendations

1. Initialize ReentrancyGuard Properly:

   • Ensure ReentrancyGuard is activated during contract setup by adding:

     __ReentrancyGuard_init();

     ​

2. Modify the initialize Function:

   • Add the missing initialization in the setup process:

     function initialize(

     address _rToken,

     address _deToken,

     address _raacToken,

     address _raacMinter,

     address _crvUSDToken,

     address _lendingPool

     ) public initializer {

     __ReentrancyGuard_init(); // Ensures reentrancy protection is active

     ...

     }

     ​