Context
src/checks/ReentrancyCheck.sol + test/Example.t.sol cover classic ERC-20 reentrancy. We do not have a template for ERC-777's tokensReceived reentrancy vector (the same class of bug that drained imBTC/Uniswap V1 in 2020). Auditors importing this checklist currently have to write that template themselves.
Scope
Files to touch:
- Add src/checks/ERC777ReentrancyCheck.sol — parallel to ReentrancyCheck.sol.
- Add test/ERC777Reentrancy.t.sol — includes a deliberately-vulnerable VulnerableERC777Vault.sol fixture and asserts the check flags it.
Acceptance criteria
- Check compiles; test passes when run against the included vulnerable fixture; test fails (= check detects bug) when fixture's nonReentrant guard is removed.
- Documented in README.md under the checks table.
Estimated effort
M — 3-4 hrs. Reference: OZ IERC777Recipient and 2020 Uniswap V1 post-mortem.
— kcolbchain / Abhishek Krishna
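
A sketch of the bug class this issue targets, added here as an illustration and not code from this repository: a vault whose withdraw() calls ERC-777 send() before zeroing the caller's balance, next to a guarded variant. Only the name VulnerableERC777Vault comes from the issue; the contract bodies, IERC777Min and GuardedERC777Vault are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of the ERC-777 token interface, declared inline (no imports).
interface IERC777Min {
    function send(address recipient, uint256 amount, bytes calldata data) external;
    function transferFrom(address holder, address recipient, uint256 amount) external returns (bool);
}

// Hypothetical fixture body: balance is zeroed AFTER the external token call.
contract VulnerableERC777Vault {
    IERC777Min public immutable token;
    mapping(address => uint256) public deposits;

    constructor(IERC777Min token_) { token = token_; }

    function deposit(uint256 amount) external {
        deposits[msg.sender] += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdraw() external virtual {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // send() runs the recipient's tokensReceived hook while the old balance is still recorded.
        token.send(msg.sender, amount, "");
        deposits[msg.sender] = 0;
    }
}

// Hypothetical guarded variant: mutex plus effects-before-interactions.
contract GuardedERC777Vault is VulnerableERC777Vault {
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    constructor(IERC777Min token_) VulnerableERC777Vault(token_) {}

    function withdraw() external override nonReentrant {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        deposits[msg.sender] = 0; // state settled before the hook can run
        token.send(msg.sender, amount, "");
    }
}
```

A check for this pattern has to treat the token call itself as the reentrant edge, since no ETH transfer or low-level call appears in withdraw().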