From ce8cc951bc879afa9a218b890e56d6b473d89d18 Mon Sep 17 00:00:00 2001
From: Thrilok Kumar
Date: Thu, 29 Apr 2021 23:42:05 +0530
Subject: [PATCH 1/2] Added ReentrancyGuard
---
 contracts/receivers/aave-v2-receiver/main.sol | 2 +-
 .../receivers/aave-v2-receiver/variables.sol | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/contracts/receivers/aave-v2-receiver/main.sol b/contracts/receivers/aave-v2-receiver/main.sol
index 30c0c4f..e2c3f68 100644
--- a/contracts/receivers/aave-v2-receiver/main.sol
+++ b/contracts/receivers/aave-v2-receiver/main.sol
@@ -145,7 +145,7 @@ contract InstaFlash is AaveV2Migrator {
 uint256[] calldata _amounts,
 uint /*_route */, // no use of route but just to follow current flashloan pattern
 bytes calldata data
- ) external isDSA {
+ ) external nonReentrant isDSA {
 uint _length = _tokens.length;
 require(_length == _amounts.length, "not-equal-length");
 uint[] memory iniBal = new uint[](_length);
diff --git a/contracts/receivers/aave-v2-receiver/variables.sol b/contracts/receivers/aave-v2-receiver/variables.sol
index bcd8c15..6440610 100644
--- a/contracts/receivers/aave-v2-receiver/variables.sol
+++ b/contracts/receivers/aave-v2-receiver/variables.sol
@@ -41,6 +41,12 @@ contract Variables {
 */
 address public constant maticReceiver = 0x0000000000000000000000000000000000001001;
+ /**
+ * @dev ReentrancyGuard
+ */
+ uint256 private constant _NOT_ENTERED = 1;
+ uint256 private constant _ENTERED = 2;
+
 // Storage variables //
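Review bot: In `main.sol` (`@@ -145,7 +145,7 @@`) the guard is attached to this one external function only, so it blocks re-entry into this function but not a call into a different external function of `InstaFlash` or `AaveV2Migrator` while this one is still executing. The rest of the contract is outside the hunk, so this may already be covered; if any other entry point moves the same token balances, it should carry `nonReentrant` as well. A comment above the signature such as `// nonReentrant: the iniBal snapshot taken below must not be re-entered before the final balance check` would record why the modifier is there (the final check is assumed, it is not visible in this hunk).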
@@ -66,4 +72,32 @@ contract Variables {
 * @dev last stateId from the onStateReceive
 */
 uint256 internal lastStateId;
+
+ /**
+ * @dev ReentrancyGuard status variable
+ */
+ uint256 private _reentrancyStatus;
+
+ // Modifer //
+
+ /**
+ * @dev Prevents a contract from calling itself, directly or indirectly.
+ * Calling a `nonReentrant` function from another `nonReentrant`
+ * function is not supported. It is possible to prevent this from happening
+ * by making the `nonReentrant` function external, and make it call a
+ * `private` function that does the actual work.
+ */
+ modifier nonReentrant() {
+ // On the first call to nonReentrant, _notEntered will be true
+ require(_reentrancyStatus != _ENTERED, "ReentrancyGuard: reentrant call");
+
+ // Any calls to nonReentrant after this point will fail
+ _reentrancyStatus = _ENTERED;
+
+ _;
+
+ // By storing the original value once again, a refund is triggered (see
+ // https://eips.ethereum.org/EIPS/eip-2200)
+ _reentrancyStatus = _NOT_ENTERED;
+ }
 }
From 89520994632fc1f6b6c489e0920d5a66d1167a65 Mon Sep 17 00:00:00 2001
From: Thrilok Kumar
Date: Thu, 29 Apr 2021 23:42:13 +0530
Subject: [PATCH 2/2] Added double token check
---
 contracts/receivers/aave-v2-receiver/main.sol | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/contracts/receivers/aave-v2-receiver/main.sol b/contracts/receivers/aave-v2-receiver/main.sol
index e2c3f68..54c8531 100644
--- a/contracts/receivers/aave-v2-receiver/main.sol
+++ b/contracts/receivers/aave-v2-receiver/main.sol
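Review bot: In `variables.sol` (`@@ -66,4 +72,32 @@`) `_reentrancyStatus` is declared but nothing in this patch sets it to `_NOT_ENTERED`, so until the first guarded call it holds 0, a value that neither constant names. The `require` still passes because it rejects only `_ENTERED`, but the first call pays a zero-to-nonzero store and the EIP-2200 refund comment does not describe that call; assigning `_reentrancyStatus = _NOT_ENTERED;` in the constructor or initializer (not visible here) would match the stated intent. The new slot is also added to the shared `Variables` base, which shifts the slots of any state declared in inheriting contracts; that only matters if this code upgrades an already-deployed proxy, which the patch does not show, so it is worth confirming. The inline comment `_notEntered will be true` names a variable that does not exist in this file; `// On the first call, _reentrancyStatus is not _ENTERED` matches the code.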
@@ -148,6 +148,15 @@ contract InstaFlash is AaveV2Migrator {
 ) external nonReentrant isDSA {
 uint _length = _tokens.length;
 require(_length == _amounts.length, "not-equal-length");
+
+ for (uint i = 0; i < _length; i++) {
+ for (uint j = 0; j < _length; j++) {
+ if (j != i) {
+ require(_tokens[j] != _tokens[i], "token-repeated");
+ }
+ }
+ }
+
 uint[] memory iniBal = new uint[](_length);
 IERC20[] memory _tokenContracts = new IERC20[](_length);
 for (uint i = 0; i < _length; i++) {
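Review bot: The added duplicate check compares every pair twice, once as (i, j) and once as (j, i), because the inner loop starts at 0 and skips only `j == i`. Starting the inner loop after `i` rejects the same inputs with half the comparisons and no inner `if`: `for (uint j = i + 1; j < _length; j++) { require(_tokens[j] != _tokens[i], "token-repeated"); }`. The block has no comment saying what it protects; something like `// a repeated token would be snapshotted twice in iniBal below` would help the next reader, though that rationale is inferred from the surrounding lines rather than stated in the patch. The function body starts before and continues past this hunk.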