Prevent possible damages by adding some more costs

Question

Prevent possible damages by adding some more costs

Closed this issue 10 months ago · 3 comments

function claimRoyalties(address reserveToken) external {
        address msgSender = _msgSender();
        uint256 amount = userTokenRoyaltyBalance[msgSender][reserveToken];
        if (amount == 0) revert MCV2_Royalty__NothingToClaim();

        userTokenRoyaltyBalance[msgSender][reserveToken] = 0;
        userTokenRoyaltyClaimed[msgSender][reserveToken] += amount; // INFO

        IERC20(reserveToken).safeTransfer(msgSender, amount);

        emit RoyaltyClaimed(msgSender, reserveToken, amount);
    }

My description
One device to prevent a possible human error attack.

Impact
If there's no proper validation or handling of external calls, this function could be susceptible to reentrancy attacks.

My Suggestion

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract MCV2_Royalty is ReentrancyGuard {
    ...
    function claimRoyalties(address reserveToken) external nonReentrant {
        ...
    }
}

Answer 1 · 2023-12-10T13:37:57.000Z

There are no external calls in this function. They are just sending tokens

Answer 2 · 2023-12-10T18:52:35.000Z

The CEI pattern is followed so there is no danger of reentrancy inside this call and the nonReentrant modifier is unnecessary.

Answer 3 · 2023-12-11T07:10:27.000Z

Thanks for your suggestion, but as @ddimitrov22 mentioned, the function follows the CEI (Checks, Effects, and Interactions) pattern, so I don't think re-entrancy is possible here.