Code4renaCODE423N4:2022-12-POOLTOGETHER-FINDINGS-ISSUES-43Potential reentrancy attack
Lines of code
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-optimism/EthereumToOptimismExecutor.sol#L45>
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-polygon/EthereumToPolygonExecutor.sol#L44>
Vulnerability details
Impact
There is a potential of reentrancy attack in executeCalls() in EthereumToArbitrumExecutor.sol since CallLib is making an external call with its executeCalls() and we do not know the implementation of the contract that will be called eventually.
The same issue occurs also in EthereumToOptimismExecutor.sol and EthereumToPolygonExecutor
Also in EthereumToArbitrumRelayer.sol, EthereumToOptimismRelayer.sol and EthereumToPolygonRelayer.sol since the functions are marked as payable this could also lead to stealing user funds
#Proof of Concept
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-optimism/EthereumToOptimismExecutor.sol#L45>
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-polygon/EthereumToPolygonExecutor.sol#L44>
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-arbitrum/EthereumToArbitrumRelayer.sol#L101>
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-optimism/EthereumToOptimismRelayer.sol#L49>
<https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-polygon/EthereumToPolygonRelayer.sol#L45>
Tools Used
Manual review
Recommended Mitigation Steps
Usage of OpenZeppelinβs nonReentrant guard or some other custom implementation preventing this attack
The text was updated successfully, but these errors were encountered:
All reactions