amendSellOrder
function violates the Checks-Effects-Interactions (CEI) pattern by performing token transfers before updating order state. When decreasing order amounts, tokens are transferred back to the seller before order storage is updated. If the owner adds tokens with callback mechanisms, an attacker could exploit reentrancy during the safeTransfer
to manipulate order state and potentially drain protocol tokens.The amendSellOrder
function allows users to modify their existing sell orders, including decreasing the token amount, which triggers a token transfer back to the seller.
The function violates the Checks-Effects-Interactions (CEI) pattern by performing external token transfers before updating the order state in storage.
This is not a risk with the current tokens in the protocol, which do not have callbacks functions, but could become if new tokens are approved.
Likelihood: Low
The owner adds a token with callback functionality (hooks, rebasing tokens, or malicious tokens) to the allowed sell tokens list. Since only the owner can approve new tokens, this is not a likely outcome but perhaps enhances the centralization risk.
A user creates an order with such a token and later calls amendSellOrder
to decrease the amount, triggering the vulnerable transfer.
Impact: High
Reentrancy during the token transfer can allow manipulation of order state before updates are committed
Attacker could potentially drain protocol tokens or manipulate multiple orders simultaneously through recursive calls
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.