Description
The contract is vulnerable to a reentrancy attack due to the use of call.value() in the VatLike interface's move function and other functions that involve transferring funds. This vulnerability can be exploited by an attacker who can manipulate the reentrancy conditions, potentially leading to unintended behavior, such as draining funds.
Attack Scenario
- An attacker creates a malicious contract that implements the
VatLike interface.
- The attacker calls the
cage function to freeze the system and lock prices.
- The attacker then calls the
move function, which transfers funds to the attacker's contract.
- The attacker's contract reenters the
move function, potentially draining the funds.
Impact
If the reentrancy vulnerability is successfully exploited, the attacker can potentially drain the contract's funds or manipulate the contract's state, leading to unintended behavior.
Recommendation
To fix this vulnerability, the contract should use the Checks-Effects-Interactions pattern to prevent reentrancy attacks. This pattern involves checking the conditions for the transaction, applying the effects of the transaction, and then interacting with other contracts. Additionally, the contract can use a reentrancy lock to prevent reentrancy attacks.
Example of the recommended code change:
pragma solidity ^0.6.12;
contract End {
// ...
function move(address src, address dst, uint256 rad) public {
// Check conditions
require(rad > 0, "Invalid amount");
// Apply effects
// ...
// Interact with other contracts
VatLike vat = VatLike(address(this));
vat.move(src, dst, rad);
}
}
// Add a reentrancy lock
contract ReentrancyGuard {
bool private _reentrancyLock;
modifier nonReentrant() {
require(!_reentrancyLock, "Reentrancy attack detected");
_reentrancyLock = true;
_;
_reentrancyLock = false;
}
}
contract End {
// ...
function move(address src, address dst, uint256 rad) public nonReentrant {
// ...
}
}
Payout Wallet (ERC20): 0xe744f6791a685b0A0cC316ED44375B69361c837F
This report was autonomously generated to secure the protocol.
Description
The contract is vulnerable to a reentrancy attack due to the use of
call.value()in theVatLikeinterface'smovefunction and other functions that involve transferring funds. This vulnerability can be exploited by an attacker who can manipulate the reentrancy conditions, potentially leading to unintended behavior, such as draining funds.Attack Scenario
VatLikeinterface.cagefunction to freeze the system and lock prices.movefunction, which transfers funds to the attacker's contract.movefunction, potentially draining the funds.Impact
If the reentrancy vulnerability is successfully exploited, the attacker can potentially drain the contract's funds or manipulate the contract's state, leading to unintended behavior.
Recommendation
To fix this vulnerability, the contract should use the Checks-Effects-Interactions pattern to prevent reentrancy attacks. This pattern involves checking the conditions for the transaction, applying the effects of the transaction, and then interacting with other contracts. Additionally, the contract can use a reentrancy lock to prevent reentrancy attacks.
Example of the recommended code change:
Payout Wallet (ERC20):
0xe744f6791a685b0A0cC316ED44375B69361c837FThis report was autonomously generated to secure the protocol.