First good issue: Reentrancy Risk in _rentStorage Function in src/IdGateway.sol
Issue: In the _rentStorage function, the contract transfers an overpayment back to the payer using payer.sendNative(overpayment). Using send or transfer in Ethereum can be risky because it allows for potential reentrancy attacks (depending on how sendNative is implemented). If the payer is a contract, they could reenter and exploit the contract by re-calling the function in an unintended way.
Fix: The contract should implement a checks-effects-interactions pattern by ensuring all state changes are made before the external call or consider using call with safe handling.
(bool success, ) = payer.call{value: overpayment}("");
require(success, "Transfer failed");
Fixing a reentrancy risk prevents one of the most notorious attack vectors in Ethereum smart contracts.
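The checks-effects-interactions ordering described above, as an added illustration that is not code from the IdGateway repository: a hypothetical minimal rent function that updates state before the refund and pairs the ordering with a reentrancy lock, so a contract payer that re-enters during the refund sees the already-updated state and is rejected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from src/IdGateway.sol. Contract, variable and
// function names below are hypothetical; only the refund pattern matters.
contract RentStorageExample {
    uint256 public constant PRICE_PER_UNIT = 0.01 ether;
    mapping(uint256 => uint256) public unitsRented; // fid => rented units
    bool private _locked;                          // simple reentrancy lock

    modifier nonReentrant() {
        require(!_locked, "reentrant call");
        _locked = true;
        _;
        _locked = false;
    }

    function rentStorage(uint256 fid, uint256 units) external payable nonReentrant {
        address payer = msg.sender;

        // Checks: validate input and payment before touching any state.
        require(units > 0, "no units requested");
        uint256 cost = units * PRICE_PER_UNIT;
        require(msg.value >= cost, "insufficient payment");

        // Effects: every state change happens before the external call.
        unitsRented[fid] += units;
        uint256 overpayment = msg.value - cost;

        // Interactions: the refund is the last step. A low-level call forwards
        // gas (unlike the 2300 stipend of transfer/send), so a contract payer
        // could execute code here; because state is already updated and the
        // lock is held, a re-entrant rentStorage call reverts.
        if (overpayment > 0) {
            (bool success, ) = payer.call{value: overpayment}("");
            require(success, "refund failed");
        }
    }
}
```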
Hi @ATella12, I would like to take on this issue and implement the fix.