You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 26, 2023. It is now read-only.
The prerequisite is that tokenX is ERC777 e.g. “sushi”
resolveQueuedTrades() call _openQueuedTrade()
in _openQueuedTrade() call "tokenX.transfer(queuedTrade.user)" if (revisedFee < queuedTrade.totalFee) before set queuedTrade.isQueued = false;
function _openQueuedTrade(uint256queueId, uint256price) internal {
...
if (revisedFee < queuedTrade.totalFee) {
tokenX.transfer( //***@audit call transfer , if ERC777 , can re-enter ***/
queuedTrade.user,
queuedTrade.totalFee - revisedFee
);
}
queuedTrade.isQueued =false; //****@audit change state****/
}
3.if ERC777 re-enter to #cancelQueuedTrade() to get tokenX back,it can close, because queuedTrade.isQueued still equal true
4. back to _openQueuedTrade() set queuedTrade.isQueued = false
5.so steal tokenX
Changes look good. Trade is now removed from queue before sending user refund during option opening to avoid potential reetrancy. Canceling already removed trade before sending refund so no change needed there.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
bin2chen
medium
resolveQueuedTrades() ERC777 re-enter to steal funds
Summary
_openQueuedTrade() does not follow the “Checks Effects Interactions” principle and may lead to re-entry to steal the funds
https://fravoll.github.io/solidity-patterns/checks_effects_interactions.html
Vulnerability Detail
The prerequisite is that tokenX is ERC777 e.g. “sushi”
3.if ERC777 re-enter to #cancelQueuedTrade() to get tokenX back,it can close, because queuedTrade.isQueued still equal true
4. back to _openQueuedTrade() set queuedTrade.isQueued = false
5.so steal tokenX
Impact
if tokenX equal ERC777 can steal token
Code Snippet
https://github.com/sherlock-audit/2022-11-buffer/blob/main/contracts/contracts/core/BufferRouter.sol#L350
Tool used
Manual Review
Recommendation
follow “Checks Effects Interactions”
The text was updated successfully, but these errors were encountered: