BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP

Submission Details
Impact: high
Likelihood: low
Invalid

Missing Reentrancy Protection

Root + Impact

deposit() calls the asset token's safeTransferFrom (an external call) twice without any reentrancy guard.

Description

  • Functions that make external calls should follow checks-effects-interactions or carry a reentrancy guard.

  • deposit() writes vault state and then makes two external safeTransferFrom calls on the asset token with no guard. The ordering itself is checks-effects-interactions, so the concern is a token that calls back into the vault during those transfers.

function deposit(uint256 assets, address receiver) public override returns (uint256) {
    require(receiver != address(0));
    // ... previous code ...
    stakedAsset[receiver] = stakeAsset;                                                // @> state written before the external calls
    uint256 participantShares = _convertToShares(stakeAsset);
    IERC20(asset()).safeTransferFrom(msg.sender, participationFeeAddress, fee);      // @> External call
    IERC20(asset()).safeTransferFrom(msg.sender, address(this), stakeAsset);         // @> External call
    // ... rest of code ...
}

Risk

Likelihood:

  • It can occur on any deposit where the asset token calls back into the depositor or the vault during transfer (an ERC777 token, for example), because that callback runs inside deposit() and can itself call into the vault in the same transaction.

  • Plain ERC20 tokens have no such hook, so most assets are safe; the risk applies only if the asset is an ERC777-style token or an upgradeable token whose implementation later gains transfer hooks.

Impact:

  • A reentrant call could drain vault funds.

  • Accounting state (stakedAsset and share balances) could be left inconsistent.

Proof of Concept

Suppose the asset is an ERC-777 token. ERC777 notifies the holder (tokensToSend) and the recipient (tokensReceived) on every transfer, so an attacker contract that holds the asset and calls deposit() receives a callback from inside the vault's safeTransferFrom and can call withdraw() before the outer deposit() finishes. The sketch below shows only the re-entry path; whether the nested withdraw() can take out more than was deposited depends on the share accounting, which the excerpt above does not show.

import {IERC777Sender} from "@openzeppelin/contracts/token/ERC777/IERC777Sender.sol";
// Sketch only. Assumes the asset is an ERC777 token and that Attacker holds it and calls deposit():
// ERC777 then invokes tokensToSend on the holder (tokensReceived goes to the recipient, i.e. the vault),
// provided Attacker has registered itself as the ERC777TokensSender implementer in the ERC1820 registry.
contract Attacker is IERC777Sender {
    BriVault vault;
    constructor(BriVault v) { vault = v; }
    // Signature per IERC777Sender; re-entry attempt while the outer deposit() is still running.
    function tokensToSend(address, address, address, uint256 amount, bytes calldata, bytes calldata) external override {
        vault.withdraw(amount, address(this), address(this)); // ERC4626 withdraw(assets, receiver, owner) signature assumed
    }
}
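
As an added, self-contained illustration (not BriVault's code and not part of the submitted proof of concept), the file below pairs a constructed hook-bearing token with a minimal vault that keeps the same effect-then-transfer ordering as the excerpt above, and shows the nested call that a reentrancy guard rejects. HookToken, GuardedVault, Reenterer and Demo are invented names; the hand-rolled nonReentrant modifier mirrors OpenZeppelin's ReentrancyGuard (v4 revert message) so the file compiles with no dependencies, whereas real code should import the library as the mitigation below does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed token whose transferFrom notifies the *holder* before balances move,
// the way ERC777 calls tokensToSend on the sender. A plain ERC20 has no such hook,
// which is why the deposit() ordering above cannot be re-entered with ordinary assets.
interface ITokensToSend {
    function tokensToSend(address from, address to, uint256 amount) external;
}

contract HookToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder, uint256 supply) { balanceOf[holder] = supply; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(allowance[from][msg.sender] >= amount, "insufficient allowance");
        // Control leaves the token (and the vault's deposit) here, before any balance changes.
        if (from.code.length > 0) ITokensToSend(from).tokensToSend(from, to, amount);
        allowance[from][msg.sender] -= amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Minimal vault with the same effect-then-interaction ordering as the excerpt.
// The modifier is a hand-rolled copy of OpenZeppelin's ReentrancyGuard (v4 message).
contract GuardedVault {
    HookToken public immutable token;
    mapping(address => uint256) public stakedAsset;
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    constructor(HookToken t) { token = t; }

    modifier nonReentrant() {
        require(_status == 1, "ReentrancyGuard: reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function deposit(uint256 assets, address receiver) external nonReentrant returns (uint256) {
        require(receiver != address(0));
        stakedAsset[receiver] += assets;                                 // effect
        require(token.transferFrom(msg.sender, address(this), assets));  // interaction
        return assets;
    }
}

// Token holder that deposits and tries to re-enter deposit() from the hook.
contract Reenterer is ITokensToSend {
    GuardedVault public vault;
    string public lastReason;

    function attack(GuardedVault v, HookToken t, uint256 amount) external {
        vault = v;
        t.approve(address(v), amount);
        v.deposit(amount, address(this));
    }

    function tokensToSend(address, address, uint256 amount) external override {
        // Nested deposit while the outer one is still in flight. Without the guard this
        // recursion would continue until gas runs out; with it the nested call reverts,
        // the reason is recorded here, and the outer deposit then completes normally.
        try vault.deposit(amount, address(this)) {
            lastReason = "";
        } catch Error(string memory reason) {
            lastReason = reason;
        }
    }
}

// Wires the scenario together so it runs by deploying this one contract (Remix or a Foundry test).
contract Demo {
    Reenterer public attacker;
    HookToken public token;
    GuardedVault public vault;

    constructor() {
        attacker = new Reenterer();
        token = new HookToken(address(attacker), 1_000e18);
        vault = new GuardedVault(token);
        attacker.attack(vault, token, 100e18);
    }
}
```

After deploying Demo, attacker.lastReason() holds the guard's revert string and vault.stakedAsset(address(attacker)) reflects a single deposit, because the nested call was rejected before it could write state. Removing the nonReentrant modifier from GuardedVault.deposit turns the same transaction into unbounded recursion, which is the behaviour the guard exists to stop.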

Recommended Mitigation

Adding OpenZeppelin's ReentrancyGuard and marking the method nonReentrant rejects any nested call into it:

+ import {ReentrancyGuard} from "@openzeppelin/contracts/security/ReentrancyGuard.sol";
- contract BriVault is ERC4626, Ownable {
+ contract BriVault is ERC4626, Ownable, ReentrancyGuard {
- function deposit(uint256 assets, address receiver) public override returns (uint256) {
+ function deposit(uint256 assets, address receiver) public override nonReentrant returns (uint256) {
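Review bot: the guard is applied only to deposit(), while the proof of concept above re-enters through withdraw(); if a hook-bearing asset is the threat model, mint(), withdraw() and redeem() need nonReentrant as well, otherwise the callback simply targets the unguarded entry point. Also, `@openzeppelin/contracts/security/ReentrancyGuard.sol` is the v4 layout; v5 moved the contract to `utils/ReentrancyGuard.sol`, so the import should match the project's pinned OpenZeppelin version.
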
Updates

Appeal created

bube (Lead Judge), 19 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
