Category: Coding Mistakes
The collateralizedMint function lacks the nonReentrant modifier
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
The collateralizedMint function lacks the nonReentrant modifier, which would prevent a reentrancy attack in the function.
Impact
Since the collateralizedMint function makes an external call to the onERC1155Received function of the shares receiver contract, it can theoretically be reentered, although this appears to have no security implications in the current state of the contract.
Recommendations
We recommend adding the nonReentrant modifier to the collateralizedMint function.
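The following sketch is an added example, not Alkimiya's code: it shows the shape of the recommended guard on a mint path that invokes the receiver's onERC1155Received callback. The contract name, the collateralizedMint signature, the ETH collateral accounting and the inline guard (standing in for a library ReentrancyGuard) are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Receiver hook defined by the ERC-1155 standard.
interface IERC1155Receiver {
    function onERC1155Received(
        address operator, address from, uint256 id, uint256 value, bytes calldata data
    ) external returns (bytes4);
}

// Hypothetical contract: names, parameters and storage layout are assumed.
contract GuardedMintSketch {
    uint256 private _status = 1; // 1 = not entered, 2 = entered
    mapping(uint256 => mapping(address => uint256)) public balanceOf;
    mapping(uint256 => uint256) public collateralOf; // assumed ETH collateral per id

    error Reentrancy();
    error ReceiverRejected();

    // Minimal guard: any nested call into a guarded function reverts.
    modifier nonReentrant() {
        if (_status == 2) revert Reentrancy();
        _status = 2;
        _;
        _status = 1;
    }

    function collateralizedMint(uint256 id, uint256 shares, address receiver)
        external
        payable
        nonReentrant
    {
        // Effects first: state is fully updated before control leaves the contract.
        collateralOf[id] += msg.value;
        balanceOf[id][receiver] += shares;

        // Interaction: the receiver contract runs arbitrary code here. If its
        // callback calls collateralizedMint again, the guard reverts with
        // Reentrancy() and the whole outer mint is rolled back.
        if (receiver.code.length > 0) {
            bytes4 ret = IERC1155Receiver(receiver).onERC1155Received(
                msg.sender, address(0), id, shares, ""
            );
            if (ret != IERC1155Receiver.onERC1155Received.selector) {
                revert ReceiverRejected();
            }
        }
    }
}
```

For the guard to cover the callback window, every other state-changing entry point that shares this storage must carry the same modifier.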
Remediation
This issue has been acknowledged by Alkimiya, and fixes were implemented in the following commits: