OrderBook

First Flight #43
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Reentrancy in External Calls

Problem

  • Functions such as amendSellOrder, cancelSellOrder, and buyOrder interact with external ERC20 contracts via safeTransfer and safeTransferFrom.

  • If a malicious ERC20 token is whitelisted, its transfer hooks could re-enter the contract during the token call, before the order state has been updated.

Chained Risk:

  • Attackers could combine reentrancy with other vulnerabilities (e.g., fee withdrawal or order amendments) to drain funds or corrupt order state.
Recommended Mitigation:

  • Use OpenZeppelin’s ReentrancyGuard on all external functions that transfer tokens.

  • Always update contract state before making any external calls.
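As an added illustration (not code from the OrderBook contract under review), a hypothetical cancelSellOrder written in the two shapes this finding contrasts: the token transfer made before the order state is updated, and the checks-effects-interactions order with OpenZeppelin's nonReentrant modifier as defence in depth. Contract, struct and function names are assumptions; import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical sketch for this finding; not the audited OrderBook code.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract OrderBookSketch is ReentrancyGuard {
    using SafeERC20 for IERC20;

    struct Order {
        address seller;
        IERC20 token;   // assumed to be a whitelisted token
        uint256 amount;
        bool active;
    }

    mapping(uint256 => Order) public orders;

    // Vulnerable shape: the external call runs while the order is still
    // marked active, so a token that calls back into this contract can
    // reach this function again and see the same unchanged state.
    function cancelSellOrderUnsafe(uint256 id) external {
        Order storage o = orders[id];
        require(o.active && o.seller == msg.sender, "not your active order");
        o.token.safeTransfer(o.seller, o.amount); // interaction first
        o.active = false;                          // effect afterwards
    }

    // Hardened shape: checks, then effects, then the external interaction,
    // so a re-entrant call finds the order already inactive. nonReentrant
    // additionally blocks any callback into this contract's guarded functions.
    function cancelSellOrder(uint256 id) external nonReentrant {
        Order storage o = orders[id];
        require(o.active && o.seller == msg.sender, "not your active order");
        uint256 amount = o.amount;
        IERC20 token = o.token;
        o.active = false;   // effects before interaction
        o.amount = 0;
        token.safeTransfer(msg.sender, amount); // interaction last
    }
}
```

Reordering alone removes the window the finding describes; the modifier is the second layer for functions whose state cannot be fully settled before the call.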

Updates

Lead Judging Commences
yeahchibyke (Lead Judge), about 2 months ago

Submission Judgement Published
yeahchibyke (Lead Judge), about 1 month ago
Invalidated. Reason: Non-acceptable severity
