You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the external executeorder function in manager.sol executes a order if its executable after executing the order it sets the order.isSpent to true this should happen before the order is executed a user can reenter the execute function and execute a order again due to the order.isSpent = true; being outdated
nikhilx0111
High
reentrancy in manager.sol
Summary
the external executeorder function in manager.sol executes a order if its executable after executing the order it sets the order.isSpent to true this should happen before the order is executed a user can reenter the execute function and execute a order again due to the order.isSpent = true; being outdated
Root Cause
https://github.com/sherlock-audit/2024-08-perennial-v2-update-3/blob/main/perennial-v2/packages/perennial-order/contracts/Manager.sol#L133
Internal pre-conditions
the order just needs to be executable to perform this attack
External pre-conditions
No response
Attack Path
No response
Impact
a malicious user can reenter a already spent order and execute it again
PoC
No response
Mitigation
set the order.isSpent = true; before executing the order
The text was updated successfully, but these errors were encountered: