Report ID: #34203
Report type: Smart Contract
Has PoC?: Yes
Target: https://etherscan.io/address/0xC1E088fC1323b20BCBee9bd1B9fC9546db5624C5
Impacts: Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
Description
Title: Reentrancy Vulnerability in initializeDiamondCut Function in Diamond Contract
Severity: High
Description:
The initializeDiamondCut function in the Diamond contract has a critical reentrancy vulnerability. The function uses delegatecall without adequate protection against reentrancy attacks. This vulnerability could allow an attacker to re-enter the contract and manipulate the state, potentially leading to unauthorized fund transfers or state changes.
Impact:
Exploitation of this vulnerability could result in:
Unauthorized manipulation of contract state.
Potential loss of funds due to reentrant calls.
Overall compromise of the contract's integrity and functionality.
Technical Details:
Affected Function: initializeDiamondCut
Location in Code: The issue is found in the LibDiamond.sol library, specifically in the following code snippet:
    function initializeDiamondCut(address _init, bytes memory _calldata) internal {
        (bool success, bytes memory error) = _init.delegatecall(_calldata);
        if (success == false) {
            if (error.length > 0) {
                revert(string(error));
            } else {
                revert("LibDiamondCut: _init function reverted");
            }
        }
    }
Explanation: The use of delegatecall allows the called contract to execute code in the context of the caller's storage. If the _init contract is malicious or improperly secured, it could exploit this function to re-enter the contract and alter the state unexpectedly. This lack of reentrancy protection could lead to severe consequences, including fund loss.
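Example mitigation: the sketch below is an added example, not code from the report or from the project. It shows the snippet above with a no-code check on _init and a reentrancy lock around the delegatecall. The library name, the lock slot label and the custom errors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hardened variant of initializeDiamondCut.
// Library name, slot label and error names are hypothetical.
library LibDiamondInitGuarded {
    // Constructed slot label for the lock, kept apart from facet storage.
    bytes32 private constant LOCK_SLOT = keccak256("example.diamond.init.lock");

    error InitAddressHasNoCode(address init);
    error InitReentered();
    error InitReverted();

    function initializeDiamondCut(address _init, bytes memory _calldata) internal {
        // No initializer requested: nothing to delegatecall into.
        if (_init == address(0)) return;
        // delegatecall to an address without code succeeds silently, so reject it.
        if (_init.code.length == 0) revert InitAddressHasNoCode(_init);

        // Refuse to start a second initialization while one is in progress.
        bytes32 slot = LOCK_SLOT;
        uint256 locked;
        assembly { locked := sload(slot) }
        if (locked == 1) revert InitReentered();
        assembly { sstore(slot, 1) }

        // _init runs with this contract's storage, balance and msg.sender.
        (bool success, bytes memory returndata) = _init.delegatecall(_calldata);

        assembly { sstore(slot, 0) }

        if (!success) {
            if (returndata.length > 0) {
                // Bubble up the initializer's own revert data unchanged.
                assembly { revert(add(returndata, 32), mload(returndata)) }
            }
            revert InitReverted();
        }
    }
}
```

The lock only stops re-entry that arrives through external calls made by an honest initializer. Code reached through delegatecall can write any storage slot, the lock included, so restricting who may supply _init remains the control that matters.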