Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Cega>Discussion>Impossibility of reentrancy in the queue-processing functions
GeneralOverview
Findings
High (1)
Medium (4)
Low (2)
Informational (2)
DiscussionCentralization risksUsing non-ERC20 token standardsImpossibility of reentrancy in the queue-processing functions
Threat ModelsWhat are threat models?CegaState.solFCNProduct.solOracle.sol

Impossibility of reentrancy in the queue-processing functions

Though the processDepositQueue() and processWithdrawalQueue() functions appear to allow reentrancy using the vault.deposit(...) and vault.redeem(...) external calls, respectively, the root cause of this issue is that vault addresses are unchecked in many functions — which is already covered in finding ref.

Cega added ReentrancyGuard to the FCNProduct contract in commit d73733fb

Zellic © 2024Back to top ↑