Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First good issue: Reentrancy Risk in _rentStorage Function in src/IdGateway.sol #439

Open
ATella12 opened this issue Oct 22, 2024 · 0 comments
Open

First good issue: Reentrancy Risk in _rentStorage Function in src/IdGateway.sol #439

ATella12 opened this issue Oct 22, 2024 · 0 comments
Assignees
@varunsrin
Labels
bug Something isn't working

Comments

@ATella12
Copy link

Issue: In the _rentStorage function, the contract transfers an overpayment back to the payer using payer.sendNative(overpayment). Using send or transfer in Ethereum can be risky because it allows for potential reentrancy attacks (depending on how sendNative is implemented). If the payer is a contract, they could reenter and exploit the contract by re-calling the function in an unintended way.

Fix: The contract should implement a checks-effects-interactions pattern by ensuring all state changes are made before the external call or consider using call with safe handling.

(bool success, ) = payer.call{value: overpayment}("");
require(success, "Transfer failed");

Fixing a reentrancy risk prevents one of the most notorious attack vectors in Ethereum smart contracts.
@ATella12 ATella12 added the bug Something isn't working label Oct 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@varunsrin varunsrin

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@varunsrin @ATella12