Reentrancy vulnerability in borrowFresh function
Description
The borrowFresh function in Compound performs a state update after doTransferOut, which can lead to a reentrancy attack. This occurs when an attacker can manipulate the function to execute multiple times before the state is updated, potentially draining the contract's funds.
Examples
Insecure Code
solidity
function borrowFresh(...) {
...
doTransferOut(...);
}Secure Code
solidity
function borrowFresh(...) {
accountBorrows[borrower].interestIndex = borrowIndex;
...
doTransferOut(...);
}Remediation
Update the borrowFresh function to perform the state update before calling doTransferOut.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0281 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-841 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | LOW |
| Exploitability | COMPLEX |
| Tags | reentrancy, smart contract |
| OWASP | N/A |
References
- https://twitter.com/blocksecteam/status/1509466576848064512
- https://explorer.fuse.io/address/0x139Eb08579eec664d461f0B754c1F8B569044611
- https://twitter.com/peckshield/status/1509431646818234369
- https://slowmist.medium.com/another-day-another-reentrancy-attack-5cde10bbb2b4