Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reentrancy for function call before state update #294

Closed
code423n4 opened this issue Jul 19, 2022 · 2 comments
Closed

Reentrancy for function call before state update #294

code423n4 opened this issue Jul 19, 2022 · 2 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate This issue or pull request already exists

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L819-L821

Vulnerability details

Impact

An external call "_transfer" is made before updating state data through "_setFuses" and "_setFuses" does not depend on any data from "_transfer".

https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L819-L821.

Proof of Concept

Reentrancy is not only an effect of Ether transfer but of any function call on another contract.

The contract should make use of the Checks-Effects-Interactions Pattern.

Recommended Mitigation Steps

Update the state before making the external call.

$ git diff --no-index NameWrapper.sol.orig NameWrapper.sol
diff --git a/NameWrapper.sol.orig b/NameWrapper.sol
index b652447..d0dfa6f 100644
--- a/NameWrapper.sol.orig
+++ b/NameWrapper.sol
@@ -817,8 +817,8 @@ contract NameWrapper is
         uint64 expiry
     ) internal {
         (address owner, , ) = getData(uint256(node));
-        _transfer(owner, newOwner, uint256(node), 1, "");
         _setFuses(node, newOwner, fuses, expiry);
+        _transfer(owner, newOwner, uint256(node), 1, "");
     }
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jul 19, 2022
code423n4 added a commit that referenced this issue Jul 19, 2022
@code423n4
brgltd issue #294
adf5b56
@sseefried
Copy link

Duplicate of #124

@Arachnid Arachnid added the duplicate This issue or pull request already exists label Jul 27, 2022
@dmvt dmvt added 3 (High Risk) Assets can be stolen/lost/compromised directly and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Aug 3, 2022
@dmvt
Copy link
Collaborator

dmvt commented Aug 3, 2022

Duplicate of #84

@dmvt dmvt marked this as a duplicate of #84 Aug 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Arachnid @sseefried @dmvt @code423n4