Platform: Code4rena
Start Date: 08/07/2021
Pot Size: $50,000 USDC
Total HM: 7
Participants: 13
Period: 7 days
Judge: ghoulsol
Total Solo HM: 5
Id: 18
League: ETH
Rank: 3/13
Findings: 2
Award: $2,749.02
🌟 Selected for report: 1
🚀 Solo Findings: 1
🌟 Selected for report: pauliax
2749.0229 USDC - $2,749.02
pauliax
Function withdrawBorrowETH invokes _wethWithdrawTo and later _checkMinReserve; however, the reserve check is not necessary here, as function _wethWithdrawTo also does that after transferring the ether. However, this reserve check might be bypassed, as TransferHelper._wethWithdrawTo uses a low-level call that is vulnerable to re-entrancy attacks. As this MIN_RESERVE sounds like an important value, you should consider preventing re-entrancy attacks here.

    // Prevents division by zero and other undesirable behavior
    uint public constant MIN_RESERVE = 1000;

Consider using a re-entrancy guard on all main action functions (e.g. deposit, withdraw, borrow, repay, etc.): https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/ReentrancyGuard.sol
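
A sketch of the recommended mitigation, as an added example that is not code from the audited project or from the finding's author: a hypothetical `GuardedPool` contract whose `withdraw` sends ETH with a low-level call and then checks `MIN_RESERVE`, protected by an inline guard that follows the OpenZeppelin ReentrancyGuard pattern. The contract, its functions and its balance accounting are assumptions; only the `MIN_RESERVE` constant comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hypothetical pool, not the audited contracts.
contract GuardedPool {
    // Constant as quoted in the finding.
    uint public constant MIN_RESERVE = 1000;

    // Guard state, following the OpenZeppelin ReentrancyGuard pattern.
    uint private constant NOT_ENTERED = 1;
    uint private constant ENTERED = 2;
    uint private status = NOT_ENTERED;

    // Hypothetical per-account ETH accounting.
    mapping(address => uint) public balanceOf;

    modifier nonReentrant() {
        require(status != ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function deposit() external payable nonReentrant {
        balanceOf[msg.sender] += msg.value;
    }

    function withdraw(uint amount, address payable to) external nonReentrant {
        // Effects first: accounting is final before control leaves the contract.
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8+

        // The low-level call hands control to `to`. While status == ENTERED,
        // any call back into a nonReentrant function reverts, so the
        // recipient cannot start a second action before the check below.
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ETH transfer failed");

        // Reserve check runs after the transfer, on the final balance.
        require(address(this).balance >= MIN_RESERVE, "below MIN_RESERVE");
    }
}
```

The guard only helps if every state-changing entry point shares it, which is why the finding recommends applying it to all main action functions rather than to the withdraw path alone.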