Abundant Lace Mammoth
High
The claimFee function is vulnerable to reentrancy attacks because it calls the market.claimFee(msg.sender) function before updating the internal state by calling market.token().push(comptroller). This allows an attacker to re-enter the claimFee function repeatedly, potentially draining the contract funds.
The claimFee function is vulnerable to reentrancy attacks because it allows external calls to occur before updating its internal state, making it possible for an attacker to repeatedly exploit the function and potentially drain the contract funds.
Unauthorized withdrawal of funds: it allows an attacker to steal money from the contract without any permission.
Manual Review
The recommendation is to move the market.token().push(comptroller) line above the market.claimFee(msg.sender) line, like this:
    function claimFee(IMarket market) external {
        if (msg.sender != comptroller) revert NotComptroller();
        market.token().push(comptroller);
        market.claimFee(msg.sender);
    }
Alternatively, consider using a reentrancy guard for protection.
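A sketch of the reentrancy-guard option, added here as an example and not taken from the audited code base. IMarketLike, IERC20Like, GuardedFeeClaimer and the full-balance transfer standing in for market.token().push(comptroller) are assumptions made so the contract compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal interfaces (assumptions, not the audited project's types).
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IMarketLike {
    function token() external view returns (IERC20Like);
    function claimFee(address account) external; // external call into the market
}

contract GuardedFeeClaimer {
    error NotComptroller();
    error Reentered();
    error TransferFailed();

    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    address public immutable comptroller;

    constructor(address comptroller_) {
        comptroller = comptroller_;
    }

    // Rejects any nested call into a guarded function while one is executing.
    modifier nonReentrant() {
        if (status == ENTERED) revert Reentered();
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    function claimFee(IMarketLike market) external nonReentrant {
        if (msg.sender != comptroller) revert NotComptroller();
        market.claimFee(msg.sender);
        // Assumed equivalent of push(comptroller): forward the whole balance.
        IERC20Like token = market.token();
        uint256 balance = token.balanceOf(address(this));
        if (!token.transfer(comptroller, balance)) revert TransferFailed();
    }
}
```

With the guard in place, a nested call to claimFee made during market.claimFee or the token transfer reverts with Reentered before any further transfer happens.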