Reentrancy can increase allowance
can be used to take more funds than expected
#497
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
invalid
This doesn't seem right
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
responded
The Holograph team has reviewed and responded
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/enforcer/HolographERC20.sol#L420-L437
https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/enforcer/HolographERC20.sol#L363-L378
Vulnerability details
Reentrancy can increase
allowance
can be used to take more funds than expectedIn the same way as the typical front run of ERC20 approve/transferFrom, you would be able to take money when calling maliciousERC20.beforeApprove() hook, this would realize a transferFrom using old allowance then reset value of allowance to the expected value and being able to still take the money out.
Proof of Concept
https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/enforcer/HolographERC20.sol#L420-L437
Also decrease and some ERC721 has reentrancy, however in withdrawing erc721 is not too effective
https://github.com/code-423n4/2022-10-holograph/blob/24bc4d8dfeb6e4328d2c6291d20553b1d3eff00b/contracts/enforcer/HolographERC20.sol#L363-L378
tools
Slither, manual analysis
Recommended Mitigation Steps
OpenZeppelin/ReentrancyGuard.sol
The text was updated successfully, but these errors were encountered: