Understand a vulnerable contract marked by Oyente

Question

Understand a vulnerable contract marked by Oyente

div-code opened this issue 6 years ago · 0 comments

Hello,

I am interested in this tool and played a bit with it. So far Oyente told me that the following contract is vulnerable regarding reentrancy bug:

https://etherscan.io/address/0xd4fa166d5ffe8f78230fc05e6850881dc08b2da2#code

However, it seems a bit confusing here, because basically I am not able to even find a sstore instruction in the disassembled output:

https://ethervm.io/decompile?address=0x136823ea3fc4a3189a17041ee0285c1103f3d900&network=

Clearly reentrancy means that if there is a storage update after a call instruction and that storage update is unfortunately read out within the same function, then an inconsistent stage happens which could lead to some bugs or vulnerabilities. In other words, even if a call instruction is presented, as long as there is no storage access (like sstore), then reentrancy does not make sense.

Am I missed anything here? Thanks.