[FEA-1063] remediate Slowmist audit suggestion [N4] (#69)

plumenetwork · Oct 24, 2024 · d21f7b8 · d21f7b8
1 parent 591e0e6
commit d21f7b8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/staking/src/RWAStaking.sol b/staking/src/RWAStaking.sol
@@ -3,6 +3,7 @@ pragma solidity ^0.8.25;
 
 import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 
@@ -11,7 +12,7 @@ import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.s
  * @author Eugene Y. Q. Shen
  * @notice Pre-staking contract for RWA Staking on Plume
  */
-contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
+contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable {
 
     // Types
 
@@ -136,6 +137,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
     ) public initializer {
         __AccessControl_init();
         __UUPSUpgradeable_init();
+        __ReentrancyGuard_init();
 
         _grantRole(DEFAULT_ADMIN_ROLE, owner);
         _grantRole(ADMIN_ROLE, owner);
@@ -174,7 +176,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
      * @notice Stop the RWAStaking contract by withdrawing all stablecoins
      * @dev Only the admin can withdraw stablecoins from the RWAStaking contract
      */
-    function adminWithdraw() external onlyRole(ADMIN_ROLE) {
+    function adminWithdraw() external nonReentrant onlyRole(ADMIN_ROLE) {
         RWAStakingStorage storage $ = _getRWAStakingStorage();
         if ($.endTime != 0) {
             revert StakingEnded();
@@ -198,7 +200,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
      * @param amount Amount of stablecoins to stake
      * @param stablecoin Stablecoin token contract address
      */
-    function stake(uint256 amount, IERC20 stablecoin) external {
+    function stake(uint256 amount, IERC20 stablecoin) external nonReentrant {
         RWAStakingStorage storage $ = _getRWAStakingStorage();
         if ($.endTime != 0) {
             revert StakingEnded();
@@ -232,7 +234,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
      * @param amount Amount of stablecoins to withdraw
      * @param stablecoin Stablecoin token contract address
      */
-    function withdraw(uint256 amount, IERC20 stablecoin) external {
+    function withdraw(uint256 amount, IERC20 stablecoin) external nonReentrant {
         RWAStakingStorage storage $ = _getRWAStakingStorage();
         if ($.endTime != 0) {
             revert StakingEnded();

diff --git a/staking/src/ReserveStaking.sol b/staking/src/ReserveStaking.sol
@@ -3,6 +3,8 @@ pragma solidity ^0.8.25;
 
 import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+
+import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 
@@ -11,7 +13,7 @@ import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.s
  * @author Eugene Y. Q. Shen
  * @notice Pre-staking contract into the Plume Mainnet Reserve Fund
  */
-contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
+contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable {
 
     // Types
 
@@ -136,6 +138,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
     function initialize(address owner, IERC20 sbtc, IERC20 stone) public initializer {
         __AccessControl_init();
         __UUPSUpgradeable_init();
+        __ReentrancyGuard_init();
 
         _grantRole(DEFAULT_ADMIN_ROLE, owner);
         _grantRole(ADMIN_ROLE, owner);
@@ -161,7 +164,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
      * @notice Stop the ReserveStaking contract by withdrawing all SBTC and STONE
      * @dev Only the admin can withdraw SBTC and STONE from the ReserveStaking contract
      */
-    function adminWithdraw() external onlyRole(ADMIN_ROLE) {
+    function adminWithdraw() external nonReentrant onlyRole(ADMIN_ROLE) {
         ReserveStakingStorage storage $ = _getReserveStakingStorage();
         if ($.endTime != 0) {
             revert StakingEnded();
@@ -184,7 +187,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
      * @param sbtcAmount Amount of SBTC to stake
      * @param stoneAmount Amount of STONE to stake
      */
-    function stake(uint256 sbtcAmount, uint256 stoneAmount) external {
+    function stake(uint256 sbtcAmount, uint256 stoneAmount) external nonReentrant {
         ReserveStakingStorage storage $ = _getReserveStakingStorage();
         if ($.endTime != 0) {
             revert StakingEnded();
@@ -231,7 +234,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
      * @param sbtcAmount Amount of SBTC to withdraw
      * @param stoneAmount Amount of STONE to withdraw
      */
-    function withdraw(uint256 sbtcAmount, uint256 stoneAmount) external {
+    function withdraw(uint256 sbtcAmount, uint256 stoneAmount) external nonReentrant {
         ReserveStakingStorage storage $ = _getReserveStakingStorage();
         if ($.endTime != 0) {
             revert StakingEnded();