Update initializer modifier to prevent reentrancy during initialization. #219
Labels
bug: Something isn't working
duplicate: This issue or pull request already exists
Notional
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/package.json#L14
https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashBase.sol#L35-L35
Vulnerability details
Impact
It is possible for initializer() protected functions to be executed twice, if this happens in the same transaction. For this to happen, either one call has to be a subcall to the other, or both calls have to be subcalls of a common initializer() protected function. This can be particularly dangerous if the initialization is not part of the proxy construction, and reentrancy is possible by executing an external call to an untrusted address.
https://snyk.io/test/npm/@openzeppelin/contracts/3.4.2-solc-0.7#SNYK-JS-OPENZEPPELINCONTRACTS-2320176
Proof of Concept
https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/package.json#L14
https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashBase.sol#L35-L35
Tools Used
Manual.
Recommended Mitigation Steps
Upgrade to @openzeppelin/contracts@4.4.1+.
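The guard condition behind the behaviour described under Impact, next to the stricter condition used from @openzeppelin/contracts 4.4.1 onward, as an added example that is not part of the original report and not the audited wfCashBase code. Both contracts are simplified models with hypothetical names, and the pragma assumes solc 0.8.x so that `address(this).code` is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Simplified model of the guard before the fix (hypothetical name).
abstract contract InitializableBefore {
    bool private _initialized;
    bool private _initializing;

    modifier initializer() {
        // While _initializing is true, every nested or re-entrant call to an
        // initializer() protected function passes this check, including one
        // reached through an external call made during initialization.
        require(_initializing || _isConstructor() || !_initialized, "already initialized");
        bool isTopLevelCall = !_initializing;
        if (isTopLevelCall) { _initializing = true; _initialized = true; }
        _;
        if (isTopLevelCall) { _initializing = false; }
    }

    function _isConstructor() private view returns (bool) {
        // A contract has no code at its address while its constructor runs.
        return address(this).code.length == 0;
    }
}

// Simplified model of the guard after the fix (hypothetical name).
abstract contract InitializableAfter {
    bool private _initialized;
    bool private _initializing;

    modifier initializer() {
        // Nested calls are accepted only during construction, when the
        // contract has no code yet and cannot be re-entered. Outside a
        // constructor, a second call reverts once _initialized is set.
        require(_initializing ? _isConstructor() : !_initialized, "already initialized");
        bool isTopLevelCall = !_initializing;
        if (isTopLevelCall) { _initializing = true; _initialized = true; }
        _;
        if (isTopLevelCall) { _initializing = false; }
    }

    function _isConstructor() private view returns (bool) {
        return address(this).code.length == 0;
    }
}
```

With the second guard, parent initializers invoked from a child initializer outside a constructor need a separate check that only requires `_initializing` to be true, which is the role of the `onlyInitializing` modifier in 4.4.1 and later.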