Summary

in the DSCENGine contract the Reentrancy risks are associated with external calls (e.g., ERC-20 transfer or transferFrom) that might trigger reentrant behavior. This means that a malicious contract could manipulate the state of the DSCEngine during these calls, leading to vulnerabilities such as draining collateral or bypassing checks.

Vulnerability Details

The transfer function is called after modifying the user's collateral balance:

self.user_to_token_address_to_amount_deposited[_from][token_collateral_address] -= amount_collateral

If a malicious token implements a reentrant transfer function, it could call back into the DSCEngine (e.g., via another deposit or redemption function) and manipulate the contract's state before the original transaction completes.

Impact

Without reentrancy guards, these functions could be exploited by malicious ERC-20 tokens to manipulate state.

Tools Used

N/A

Recommendations:

Use a reentrancy lock to prevent external calls from re-entering the contract during sensitive operations.

lock: public(bool)

@internal\ def non\_reentrant():\ assert not self.lock, "Reentrancy detected"\ self.lock = True\ yield # Executes the function body\ self.lock = False