Round Neon Kestrel
Medium
The lack of reentrancy protection in the commitCollateral() function will cause a vulnerability for the protocol as an attacker can re-enter the function, causing unintended behavior and potentially draining the collateral.
In CollateralManager.sol:88, the function commitCollateral() involves a state-changing operation (mapping update) and a token transfer without any reentrancy protection. This could lead to a reentrancy attack where an attacker can recursively call commitCollateral() and manipulate the state during the process.
-
Attacker needs to invoke
commitCollateral()while holding control over the execution flow, such as through an external call to a vulnerable contract. -
The attacker needs to ensure the collateral is of a valid type and has sufficient amount to be deposited.
Attacker needs to control a malicious contract that can re-enter commitCollateral() during execution.
- The attacker creates a malicious contract that calls
commitCollateral(). - During execution, the malicious contract re-enters the function, manipulating collateral or bypassing checks.
The protocol suffers potential collateral loss, as attackers can repeatedly deposit collateral without it being properly accounted for, draining assets from the protocol. The attacker gains the ability to manipulate collateral deposits, causing financial loss.
No response
Use a ReentrancyGuard modifier or implement the checks-effects-interactions pattern to prevent reentrancy issues.