Kodyvim
high
Using openzepplin reentrancyguard
for contracts deployed behind a proxy won't work.
reentrancyGuard
from openzepplin has the _status
set in the constructor, the nonReentrant
modifier would not work as expect since _status
variable is not reachable from the proxy.
Leaving contract vulnerable to reentrancy attacks.
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/pool/IronBank.sol#L5
Manual Review
Use ReentrancyGuardUpgradeable
and call __ReentrancyGuard_init()
within the initialize
function