ERC777 tokensReceived() Reentrancy
Description
ERC777 tokens invoke the tokensReceived() hook on the recipient contract as part of every transfer. A recipient that makes external calls inside this hook before it has updated its own state is exposed to reentrancy: the callee (or the original sender, through its own hooks) can call back into the recipient while its accounting is still stale, which can lead to unintended behavior and loss of funds.
Examples
Insecure Code

```solidity
contract MyContract {
    function tokensReceived(...) {
        // Interaction before effect: the external call runs while this
        // contract's state still reflects the pre-transfer balances
        tokenContract.tokensReceived(...);
        // ... state is updated only after the call returns
    }
}
```

Secure Code

```solidity
contract MyContract {
    function tokensReceived(...) {
        // Update state first, so a re-entrant call sees the new balances
        // ...
        // Only then make the external call
        tokenContract.tokensReceived(...);
    }
}
```

Remediation
Use the Checks-Effects-Interactions pattern to prevent reentrancy attacks: validate inputs first (including that msg.sender is the expected token contract), apply all state changes, and only then make external calls. A reentrancy guard on the hook adds defense in depth.
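The remediation applied to a concrete deposit vault credited through the ERC777 hook, as an added example that is not code from the original rule page. The vault, its 1% rebate, and the contract names are constructed for illustration; the OpenZeppelin interfaces and the canonical ERC1820 registry address are the standard ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC777/IERC777.sol";
import "@openzeppelin/contracts/token/ERC777/IERC777Recipient.sol";
import "@openzeppelin/contracts/utils/introspection/IERC1820Registry.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Shared plumbing (constructed example): register this contract as an ERC777
// recipient in the ERC1820 registry so the token calls tokensReceived() on
// every transfer into it.
abstract contract VaultBase is IERC777Recipient {
    IERC1820Registry internal constant REG =
        IERC1820Registry(0x1820a4B7618BdE71Dce8cdc73aAB6C95905faD24);
    IERC777 public immutable token;
    mapping(address => uint256) public deposited;

    constructor(IERC777 t) {
        token = t;
        REG.setInterfaceImplementer(address(this), keccak256("ERC777TokensRecipient"), address(this));
    }
}

// INSECURE: the hook calls out (token.send triggers the depositor's own hook)
// before it records the deposit, so a re-entrant call observes stale state.
contract VulnerableVault is VaultBase {
    constructor(IERC777 t) VaultBase(t) {}

    function tokensReceived(address, address from, address, uint256 amount, bytes calldata, bytes calldata)
        external override
    {
        token.send(from, amount / 100, "");   // INTERACTION first: 1% rebate, re-enterable
        deposited[from] += amount;            // EFFECT last: accounting lags the call
    }
}

// SECURE: checks, then effects, then interactions; nonReentrant blocks any
// nested entry of the hook as defense in depth.
contract HardenedVault is VaultBase, ReentrancyGuard {
    constructor(IERC777 t) VaultBase(t) {}

    function tokensReceived(address, address from, address, uint256 amount, bytes calldata, bytes calldata)
        external override nonReentrant
    {
        require(msg.sender == address(token), "hook: unknown token"); // CHECK: only our token may call
        deposited[from] += amount;                                    // EFFECT: record before calling out
        token.send(from, amount / 100, "");                           // INTERACTION: state already final
    }
}
```

The msg.sender check matters on its own: without it, any address can invoke the hook directly and credit itself, independent of reentrancy.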
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0108 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-841 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | reentrancy, erc777 |
| OWASP | N/A |
References
- https://etherscan.io/address/0xf53f00f844b381963a47fde3325011566870b31f
- https://mirror.xyz/baconcoin.eth/LHaPiX38mnx8eJ2RVKNXHttHfweQMKNGmEnX4KUksk0