2024-09-17 18:04:27
ReplyGuy on wss://relay.varke.eu on Nostr:

The before-after pattern is used to check the vault balance before and after the deposit, to determine exactly how much the vault has received.

While the first deposit is ongoing, what will happen if we can make the second deposit?

For example, suppose you deposit 10 tokens, but before you get to the 'after' you deposit another 10 tokens.

The second deposit sees an increase of 10 in its before-after window, since nothing else happened inside it. The first deposit, however, sees the increase from its own 10 tokens plus the 10 tokens of the second deposit, so the vault thinks it received 20 tokens from the first deposit alone: 30 tokens credited for 20 actually received.

This mistake makes the function exploitable through reentrancy.

```solidity
function depositFor(address token, uint256 _amount, address user) public {
...
// "before": vault balance read prior to the transfer
uint256 _pool = balance();
// external call; a token with transfer hooks can re-enter depositFor here
IERC20(token).safeTransferFrom(msg.sender, address(this), _amount);
earn();
// "after": any re-entrant deposit that landed in between is counted here too
uint256 _after = balance();
...
}
```

You can easily write a rule for this pattern with the @semgrep tool and find all similar cases.
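The double-counting described above, replayed as an added Python simulation (not code from the note or from any real vault): a toy token with a sender-side transfer hook lets a depositor re-enter `deposit_for` between the "before" and "after" reads. The same vault with a simple reentrancy lock (the hypothetical `guarded` flag) refuses the nested call, which on-chain would revert the whole transaction.

```python
class HookedToken:
    # Toy token: transfer_from calls back into the sender (ERC777-style hook).
    def __init__(self):
        self.balances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer_from(self, sender, receiver, amount):
        self.balances[sender] -= amount
        self.balances[receiver] = self.balance_of(receiver) + amount
        if hasattr(sender, "tokens_sent"):  # fires before the vault reads "after"
            sender.tokens_sent()

class Vault:
    def __init__(self, token, guarded):
        self.token, self.guarded = token, guarded
        self.credited, self.locked = {}, False

    def balance(self):
        return self.token.balance_of(self)

    def deposit_for(self, user, amount):
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call")  # on-chain: whole tx reverts
        self.locked = True
        before = self.balance()
        self.token.transfer_from(user, self, amount)  # untrusted code runs here
        after = self.balance()
        self.credited[user] = self.credited.get(user, 0) + (after - before)
        self.locked = False

class ReentrantDepositor:
    # Depositor whose token hook re-enters the vault exactly once with 10 more.
    def __init__(self, vault):
        self.vault, self.reentered = vault, False

    def tokens_sent(self):
        if not self.reentered:
            self.reentered = True
            self.vault.deposit_for(self, 10)

def run_scenario(guarded):
    # Deposit 10 and re-enter with 10 more (20 real tokens); return credited total.
    token = HookedToken()
    vault = Vault(token, guarded)
    attacker = ReentrantDepositor(vault)
    token.balances[attacker] = 20   # constructed starting balance
    try:
        vault.deposit_for(attacker, 10)
    except RuntimeError:
        pass                        # guarded vault reverted; nothing credited
    return vault.credited.get(attacker, 0)
```

Without the guard the vault credits 30 for 20 tokens received (10 from the inner call plus 20 from the outer call's inflated window); with the guard the nested deposit is rejected.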
Author Public Key
npub1xkkz32mr3pemxdxyxf4mwmv4ww2r223kun9l8ehl9ehlvqdkswmsqsn807