Reentrancy could lead to incorrect order of emitted events.md

The order of operations in the _moveTokensAndETHfromAdjustment function in the BorrowerOperations contract may allow an attacker to cause events to be emitted out of order.

In the event that the borrower is a contract, this could trigger a callback into BorrowerOperations, executing the _adjustTrove flow above again.

As the _moveTokensAndETHfromAdjustment call is the final operation in the function, the state of the system on-chain cannot be manipulated. However, there are events that are emitted after this call.

In the event of a reentrant call, these events would be emitted in the incorrect order.

The event for the second operation is emitted first, followed by the event for the first operation.

Any off-chain monitoring tools may now have an inconsistent view of on-chain state.

Recommendation:

Apply the checks-effects-interactions pattern and move the event emissions above the call to _moveTokensAndETHfromAdjustment to avoid the potential reentrancy.
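The event ordering described in this finding and the effect of the recommended fix, as a small Python model added here (it is not code from the audited contracts). `BorrowerOpsModel`, `ContractBorrower`, the `Adjusted` event, the last-event-wins monitor and all values are hypothetical and constructed for illustration.

```python
# Toy model (constructed) of the finding; names are hypothetical, not the contract's code.

class BorrowerOpsModel:
    def __init__(self, emit_before_call):
        self.emit_before_call = emit_before_call
        self.debt = {}   # "on-chain" state: borrower address -> debt
        self.log = []    # events in emission order: (name, address, debt)

    def adjust_trove(self, borrower, delta):
        # Effects: state is fully updated before any external interaction.
        new_debt = self.debt.get(borrower.addr, 0) + delta
        self.debt[borrower.addr] = new_debt
        if self.emit_before_call:        # CEI ordering: emit, then interact
            self.log.append(("Adjusted", borrower.addr, new_debt))
        # Interaction: the token/ETH move hands control to a contract borrower.
        borrower.on_receive(self)
        if not self.emit_before_call:    # ordering described in the finding
            self.log.append(("Adjusted", borrower.addr, new_debt))


class ContractBorrower:
    """Borrower contract whose receive hook calls back into adjust_trove once."""
    def __init__(self, addr, reenter_delta):
        self.addr = addr
        self.reenter_delta = reenter_delta
        self.entered = False

    def on_receive(self, ops):
        if not self.entered:
            self.entered = True
            ops.adjust_trove(self, self.reenter_delta)


def monitor_view(log):
    """Off-chain indexer that trusts log order: the last event per borrower wins."""
    view = {}
    for _name, addr, debt in log:
        view[addr] = debt
    return view


def run(emit_before_call):
    ops = BorrowerOpsModel(emit_before_call)
    ops.adjust_trove(ContractBorrower("0xB0B", reenter_delta=50), 100)
    return ops.debt, [e[2] for e in ops.log], monitor_view(ops.log)


if __name__ == "__main__":
    print("emit after call :", run(False))
    print("emit before call:", run(True))
```

With the events emitted after the call, the model's final state is 150 while the monitor ends on the stale value 100; with the events emitted before the call, both agree.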


Slide Screenshot

134.jpg


Slide Text

  • ToB Audit Liquidity Finding 6
  • Undefined Behavior Logging
  • Reentrancy -> Event Ordering
  • Apply CEI Pattern

References


Tags