Re-entrancy in Compound
We were requested to provide a cursory review of re-entrancy issues in compound right after the rari hack↗. Following are our recommendations:
Consider updating the
doTransferOutinCEther.solto prevent possible re-entrancy.
function doTransferOut(address to, uint256 amount) internal override {
// Send the Ether and revert on failure
- (bool success, ) = to.call{ value: amount }("");
+ to.transfer(amount);
require(success, "doTransferOut failed");
} Consider updating the
borrowInternalinCToken.solto correctly follow check-effects-interaction, preventing exploitation from exotic ERC20s with callbacks.
function borrowFresh(address borrower, uint256 borrowAmount) internal returns (uint256) {
...
- doTransferOut(borrower, borrowAmount);
/* We write the previously calculated values into storage */
accountBorrows[borrower].principal = vars.accountBorrowsNew;
accountBorrows[borrower].interestIndex = borrowIndex;
totalBorrows = vars.totalBorrowsNew;
+ doTransferOut(borrower, borrowAmount);If possible, merge patches from latest
Compoundcodebase. This would prevent any known issues from inadvertently causing unexpected problems in the future.