Problem
The test__ReentrancyProtectionRegister and test__ReentrancyProtectionWithdraw are currently failing - reentrancy attempt on register and withdrawal is possible if TOKEN is a malicious contract. Wrong token contract could be configured by a mistake for long enough to let attacker attempt reentrancy. The current situation is:
-
register:
reentrancy attack failed with low level error:
"SafeERC20: low-level call failed"
-
withdraw:
reentrancy attack failed with business logic preventing further calls:
"Insufficient deposit balance"
Impact
Low occurrence, low impact.
To reproduce
- Please checkout de7b417
- cd waku-rlnv2-contract
- forge test --match-test test__ReentrancyProtectionRegister -vvvv
- forge test --match-test test__ReentrancyProtectionWithdraw -vvvv
Expected behavior
RLN contract should ideally provide strong guarantees for the users regardless of chain or TOKEN contract configured.
Screenshots/logs
test__ReentrancyProtectionRegister.log
test__ReentrancyProtectionWithdraw.log
Problem
The test__ReentrancyProtectionRegister and test__ReentrancyProtectionWithdraw are currently failing - reentrancy attempt on register and withdrawal is possible if TOKEN is a malicious contract. Wrong token contract could be configured by a mistake for long enough to let attacker attempt reentrancy. The current situation is:
register:
reentrancy attack failed with low level error:
"SafeERC20: low-level call failed"
withdraw:
reentrancy attack failed with business logic preventing further calls:
"Insufficient deposit balance"
Impact
Low occurrence, low impact.
To reproduce
Expected behavior
RLN contract should ideally provide strong guarantees for the users regardless of chain or TOKEN contract configured.
Screenshots/logs
test__ReentrancyProtectionRegister.log
test__ReentrancyProtectionWithdraw.log