Algo Ssstablecoinsss

First Flight #30
Beginner Friendly, DeFi
100 EXP
Submission Details
Severity: high
Invalid

Reentrancy in External Calls

Summary

In the DSCEngine contract, the reentrancy risks are associated with external calls (e.g., ERC-20 transfer or transferFrom) that might trigger reentrant behavior. This means that a malicious token contract could manipulate the state of the DSCEngine during these calls, leading to vulnerabilities such as draining collateral or bypassing checks.

Vulnerability Details

The transfer function is called after the user's collateral balance has been reduced:

self.user_to_token_address_to_amount_deposited[_from][token_collateral_address] -= amount_collateral

If a malicious token implements a reentrant transfer function, it could call back into the DSCEngine (e.g., via another deposit or redemption function) and manipulate the contract's state before the original transaction completes.

Impact

Without reentrancy guards, these functions could be exploited by malicious ERC-20 tokens to manipulate state.

Tools Used

N/A

Recommendations

Use a reentrancy lock so that external calls cannot re-enter the contract during sensitive operations.

lock: public(bool)

# Vyper has no generators, so the lock is split into a guard taken at the start
# of the protected function and a release at its end. Vyper's built-in
# @nonreentrant decorator implements the same lock without hand-written helpers.
@internal
def _non_reentrant_before():
    # Reject any call that arrives while a guarded function is still executing
    assert not self.lock, "Reentrancy detected"
    self.lock = True

@internal
def _non_reentrant_after():
    # Release the lock once the guarded function body has finished
    self.lock = False
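As an added example (not the submitter's snippet and not the project's DSCEngine source), the redeem path written for Vyper 0.4 with the built-in @nonreentrant lock, keeping the balance update ahead of the token transfer. Only the storage mapping name comes from the finding; the pragma, the function names and the deposit_collateral body are assumptions.

```vyper
# pragma version ^0.4.0
# Added illustration of a reentrancy-locked redeem path; not the audited contract.
from ethereum.ercs import IERC20

# Storage name taken from the finding; everything else in this file is assumed.
user_to_token_address_to_amount_deposited: public(HashMap[address, HashMap[address, uint256]])

@external
@nonreentrant
def redeem_collateral(token_collateral_address: address, amount_collateral: uint256):
    # The lock is taken here and held for the whole call, so a token whose
    # transfer() calls back into redeem_collateral or deposit_collateral reverts.
    self._redeem_collateral(token_collateral_address, amount_collateral, msg.sender, msg.sender)

@internal
def _redeem_collateral(token_collateral_address: address, amount_collateral: uint256, _from: address, _to: address):
    # Checks: checked uint256 arithmetic reverts if the user deposited less than requested.
    # Effects: internal accounting is updated before any external interaction.
    self.user_to_token_address_to_amount_deposited[_from][token_collateral_address] -= amount_collateral
    # Interaction: the external call comes last, after the state it depends on is final.
    success: bool = extcall IERC20(token_collateral_address).transfer(_to, amount_collateral)
    assert success, "DSCEngine: transfer failed"

@external
@nonreentrant
def deposit_collateral(token_collateral_address: address, amount_collateral: uint256):
    # In Vyper 0.4 every @nonreentrant function shares one lock, so a reentrant
    # transfer() cannot bounce from redeem into deposit while redeem is in flight.
    self.user_to_token_address_to_amount_deposited[msg.sender][token_collateral_address] += amount_collateral
    success: bool = extcall IERC20(token_collateral_address).transferFrom(msg.sender, self, amount_collateral)
    assert success, "DSCEngine: transferFrom failed"
```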

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
