Add missing reentrancy guard (#844)

* Add missing reentrancy guard * remove duplicate tests * remove unnecessary reenctrancy protection
bosonprotocol · Dec 11, 2023 · 33fbbbd · 33fbbbd
1 parent d96fcfd
commit 33fbbbd
Show file tree

Hide file tree

Showing 3 changed files with 3,630 additions and 3,867 deletions.
diff --git a/contracts/protocol/facets/ExchangeHandlerFacet.sol b/contracts/protocol/facets/ExchangeHandlerFacet.sol
@@ -543,6 +543,10 @@ contract ExchangeHandlerFacet is DisputeBase, BuyerBase, IBosonExchangeHandler,
      * - Voucher has expired
      * - New buyer's existing account is deactivated
      *
+     * N.B. This method is not protected with reentrancy guard, since it clashes with price discovery flows.
+     * Given that it does not rely on msgSender() for authentication and it does not modify it, it is safe to leave it unprotected.
+     * In case of reentrancy the only inconvenience that could happen is that `executedBy` field in `VoucherTransferred` event would not be set correctly.
+     *
      * @param _tokenId - the voucher id
      * @param _newBuyer - the address of the new buyer
      */
@@ -605,6 +609,10 @@ contract ExchangeHandlerFacet is DisputeBase, BuyerBase, IBosonExchangeHandler,
      * - Offer price is discovery, transaction is not starting from protocol nor seller is _from address
      * - Any reason that ExchangeHandler commitToOfferInternal reverts. See ExchangeHandler.commitToOfferInternal
      *
+     * N.B. This method is not protected with reentrancy guard, since it clashes with price discovery flows.
+     * Given that it does not rely on msgSender() for authentication and it does not modify it, it is safe to leave it unprotected.
+     * In case of reentrancy the only inconvenience that could happen is that `executedBy` field in `BuyerCommitted` event would not be set correctly.
+     *
      * @param _tokenId - the voucher id
      * @param _to - the receiver address
      * @param _from - the address of current owner
@@ -620,11 +628,6 @@ contract ExchangeHandlerFacet is DisputeBase, BuyerBase, IBosonExchangeHandler,
         // Cache protocol status for reference
         ProtocolLib.ProtocolStatus storage ps = protocolStatus();
 
-        // Make sure that protocol is not reentered
-        // Cannot use modifier `nonReentrant` since it also changes reentrancyStatus to `ENTERED`
-        // This would break the flow since the protocol should be allowed to re-enter in this case.
-        if (ps.reentrancyStatus == ENTERED) revert ReentrancyGuard();
-
         // Derive the offer id
         uint256 offerId = _tokenId >> 128;
 

diff --git a/contracts/protocol/facets/PriceDiscoveryHandlerFacet.sol b/contracts/protocol/facets/PriceDiscoveryHandlerFacet.sol
@@ -75,7 +75,7 @@ contract PriceDiscoveryHandlerFacet is IBosonPriceDiscoveryHandler, PriceDiscove
         address payable _buyer,
         uint256 _tokenIdOrOfferId,
         PriceDiscovery calldata _priceDiscovery
-    ) external payable override exchangesNotPaused buyersNotPaused {
+    ) external payable override exchangesNotPaused buyersNotPaused nonReentrant {
         // Make sure buyer address is not zero address
         if (_buyer == address(0)) revert InvalidAddress();