Omniscia Euler Finance Audit
BalanceForwarder Manual Review Findings
BalanceForwarder Manual Review Findings
BFR-01M: Inexplicable Permittance of Re-Entrancies
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | BalanceForwarder.sol:L23, L36 |
Description:
The BalanceForwarderModule::enableBalanceForwarder and BalanceForwarderModule::disableBalanceForwarder functions do not impose re-entrancy protections, permitting them to be invoked in between vault operations.
Impact:
The actual severity of this exhibit is directly correlated with the integrated balanceTracker implementation and thus cannot be quantified.
Example:
src/EVault/modules/BalanceForwarder.sol
22/// @inheritdoc IBalanceForwarder23function enableBalanceForwarder() public virtual reentrantOK {24 if (address(balanceTracker) == address(0)) revert E_BalanceForwarderUnsupported();25
26 address account = EVCAuthenticate();27 bool wasBalanceForwarderEnabled = vaultStorage.users[account].isBalanceForwarderEnabled();28
29 vaultStorage.users[account].setBalanceForwarder(true);30 balanceTracker.balanceTrackerHook(account, vaultStorage.users[account].getBalance().toUint(), false);31
32 if (!wasBalanceForwarderEnabled) emit BalanceForwarderStatus(account, true);33}34
35/// @inheritdoc IBalanceForwarder36function disableBalanceForwarder() public virtual reentrantOK {37 if (address(balanceTracker) == address(0)) revert E_BalanceForwarderUnsupported();38
39 address account = EVCAuthenticate();40 bool wasBalanceForwarderEnabled = vaultStorage.users[account].isBalanceForwarderEnabled();41
42 vaultStorage.users[account].setBalanceForwarder(false);43 balanceTracker.balanceTrackerHook(account, 0, false);44
45 if (wasBalanceForwarderEnabled) emit BalanceForwarderStatus(account, false);46}Recommendation:
We advise re-entrancy guards to be set in place as any re-entrancy could affect the balanceTracker implementation and compromise the security guarantees that the balanceTracker expects in relation to IBalanceTracker::balanceTrackerHook invocations.
Alleviation (fb2dd77a6ff9b7f710edb48e7eb5437e0db4fc1a):
The referenced functions have been marked as non-reentrant, preventing their invocation during potential re-entrancy-based attack vectors.