Lines of code
<https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/TokenggAVAX.sol#L202>
Functions in this contract or inherited functions can be reentered.
In Vault.sol the withdrawAVAX() and redeemAVAX() functions make an external call to the msg.sender by way of _safeTransferETH. This allows the caller to reenter this and other functions in this and other protocol files. Other instances of this vulnerability exist throughout the code. However, in this particular case, msg.sender isn’t a network contract or guardian but a user. This makes it susceptible to malicious reentrancy.
Manual
Add a reentrancy guard
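A sketch of the recommended guard, added here as an example and not taken from the GoGoPool code: a hypothetical `GuardedVaultExample` whose `withdraw` makes the same kind of native-token call to `msg.sender`, protected by a shared lock and by updating state before the call. Every contract, function, error and variable name in it is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical minimal vault constructed for illustration.
// It is not GoGoPool's Vault.sol or TokenggAVAX.sol.
contract GuardedVaultExample {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    mapping(address => uint256) public balances;

    error Reentrancy();
    error InsufficientBalance();
    error TransferFailed();

    // Shared lock: while any guarded function is executing, every other
    // guarded function in this contract reverts if it is called.
    modifier nonReentrant() {
        if (status == ENTERED) revert Reentrancy();
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function deposit() external payable nonReentrant {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external nonReentrant {
        if (balances[msg.sender] < amount) revert InsufficientBalance();

        // Effects first: the balance is already reduced when control
        // leaves this contract, so a nested call sees the final state.
        balances[msg.sender] -= amount;

        // Interaction last: a native-token transfer runs the recipient's
        // receive/fallback code when msg.sender is a contract.
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }
}
```

The lock lives in this contract's storage, so it only covers functions of the same contract that carry the modifier. Calls that re-enter a different contract are not blocked by it, which is why the state update is also placed before the transfer.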