Prevent possible damages by adding some more costs
Closed this issue · 3 comments
contract-whale commented
function claimRoyalties(address reserveToken) external {
address msgSender = _msgSender();
uint256 amount = userTokenRoyaltyBalance[msgSender][reserveToken];
if (amount == 0) revert MCV2_Royalty__NothingToClaim();
userTokenRoyaltyBalance[msgSender][reserveToken] = 0;
userTokenRoyaltyClaimed[msgSender][reserveToken] += amount; // INFO
IERC20(reserveToken).safeTransfer(msgSender, amount);
emit RoyaltyClaimed(msgSender, reserveToken, amount);
}
My description
One device to prevent a possible human error attack.
Impact
If there's no proper validation or handling of external calls, this function could be susceptible to reentrancy attacks.
My Suggestion
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract MCV2_Royalty is ReentrancyGuard {
...
function claimRoyalties(address reserveToken) external nonReentrant {
...
}
}
0x3agle commented
There are no external calls in this function. They are just sending tokens
ddimitrov22 commented
The CEI pattern is followed so there is no danger of reentrancy inside this call and the nonReentrant
modifier is unnecessary.
sydneyitguy commented
Thanks for your suggestion, but as @ddimitrov22 mentioned, the function follows the CEI (Checks, Effects, and Interactions) pattern, so I don't think re-entrancy is possible here.