Assessment reports>Ionic Protocol>Discussion>Re-entrancy in Compound

Re-entrancy in Compound

We were requested to provide a cursory review of re-entrancy issues in compound right after the rari hack. Following are our recommendations:

  • Consider updating the doTransferOut in CEther.sol to prevent possible re-entrancy.

function doTransferOut(address to, uint256 amount) internal override {
  // Send the Ether and revert on failure
-  (bool success, ) ={ value: amount }("");
+  to.transfer(amount);
  require(success, "doTransferOut failed");
  • Consider updating the borrowInternal in CToken.sol to correctly follow check-effects-interaction, preventing exploitation from exotic ERC20s with callbacks.

function borrowFresh(address borrower, uint256 borrowAmount) internal returns (uint256) {
-  doTransferOut(borrower, borrowAmount);

  /* We write the previously calculated values into storage */
  accountBorrows[borrower].principal = vars.accountBorrowsNew;
  accountBorrows[borrower].interestIndex = borrowIndex;
  totalBorrows = vars.totalBorrowsNew;

+  doTransferOut(borrower, borrowAmount);
  • If possible, merge patches from latest Compound codebase. This would prevent any known issues from inadvertently causing unexpected problems in the future.

Zellic © 2023Back to top ↑