Proxy initialization reentrancy fix #34
Comments
gabririgo
changed the title
|
view methods to an external contract execute a staticcall and therefore pool initialization cannot be reentered in the context of rigoblock. Although adding a non-reentrant modifier would future-proof the proxy initialization, there is no apparent need for a non-view call to an external contract during pool initialization, therefore it is pointless to add gas cost to pool deployment. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Pool initialization can be reentered.
Motivation
Since during proxy initialization an arbitrary external contract is called, the method could potentially be reentered.
Specification
A non-reentrant modifier should be added to the proxy factory contracts to avoid potential side effects. Since this requires upgrading the factories, we could alternatively apply the modifier to the
initializemethod in the implementations, where the external contract is called.The new modifier should use EIP-1553 - transient storage.
Should also check if we want to just use a low-level
staticcallwhen calling an untrusted external contract to read data, as during the initialization.The text was updated successfully, but these errors were encountered: