Understand a vulnerable contract marked by Oyente
div-code opened this issue · 0 comments
Hello,
I am interested in this tool and played a bit with it. So far Oyente told me that the following contract is vulnerable regarding reentrancy bug:
https://etherscan.io/address/0xd4fa166d5ffe8f78230fc05e6850881dc08b2da2#code
However, it seems a bit confusing here, because basically I am not able to even find a sstore instruction in the disassembled output:
https://ethervm.io/decompile?address=0x136823ea3fc4a3189a17041ee0285c1103f3d900&network=
Clearly reentrancy means that if there is a storage update after a call instruction and that storage update is unfortunately read out within the same function, then an inconsistent state happens which could lead to some bugs or vulnerabilities. In other words, even if a call instruction is present, as long as there is no storage access (like sstore), then reentrancy does not make sense.

Am I missing anything here? Thanks.
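The manual check described in the issue above (looking for an sstore that follows a call in the disassembly) can be scripted. This is an added example, not part of the original issue and not Oyente's code; the function names and both bytecode samples are constructed for illustration. It is a linear sweep over the bytes, so it reports position in the bytecode, not execution order along a control-flow path.

```python
# EVM opcode values as defined in the Ethereum Yellow Paper.
CALL, CALLCODE, DELEGATECALL, SSTORE = 0xF1, 0xF2, 0xF4, 0x55
PUSH1, PUSH32 = 0x60, 0x7F
CALL_OPS = {CALL: "CALL", CALLCODE: "CALLCODE", DELEGATECALL: "DELEGATECALL"}


def disassemble(code: bytes):
    """Yield (offset, opcode), skipping PUSH immediates.

    Without the skip, data bytes such as 0x55 inside a PUSH operand
    would be misread as SSTORE and give false hits.
    """
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        imm = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        pc += 1 + imm


def sstore_after_call(code: bytes):
    """Return (call offsets, offsets of SSTOREs located after the first call)."""
    calls, stores_after = [], []
    for pc, op in disassemble(code):
        if op in CALL_OPS:
            calls.append(pc)
        elif op == SSTORE and calls:
            stores_after.append(pc)
    return calls, stores_after


# Constructed sample 1: PUSH1 0 x5, CALLER, GAS, CALL, POP,
# then PUSH1 0, PUSH1 0, SSTORE, STOP (storage write after the call).
WRITE_AFTER_CALL = bytes.fromhex("6000600060006000600033" "5af150" "6000600055" "00")

# Constructed sample 2: PUSH2 0x55f1 (operand bytes look like SSTORE/CALL),
# POP, then the same call sequence and STOP. No real SSTORE anywhere.
NO_WRITE = bytes.fromhex("6155f150" "6000600060006000600033" "5af150" "00")

if __name__ == "__main__":
    for name, code in (("write-after-call", WRITE_AFTER_CALL), ("no-write", NO_WRITE)):
        calls, stores = sstore_after_call(code)
        print(f"{name}: calls at {calls}, SSTORE after call at {stores}")
```
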