From d21f7b890ad9ac692dd152874ce72bd2660f6cc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alp=20G=C3=BCneysel?=
Date: Thu, 24 Oct 2024 00:24:48 -0400
Subject: [PATCH] [FEA-1063] remediate Slowmist audit suggestion [N4] (#69)
---
 staking/src/RWAStaking.sol | 10 ++++++----
 staking/src/ReserveStaking.sol | 11 +++++++----
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/staking/src/RWAStaking.sol b/staking/src/RWAStaking.sol
index 413019b..55ba3e3 100644
--- a/staking/src/RWAStaking.sol
+++ b/staking/src/RWAStaking.sol
@@ -3,6 +3,7 @@ pragma solidity ^0.8.25;
 import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
@@ -11,7 +12,7 @@ import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.s
 * @author Eugene Y. Q. Shen
 * @notice Pre-staking contract for RWA Staking on Plume
 */
-contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
+contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable {
 // Types
@@ -136,6 +137,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
 ) public initializer {
 __AccessControl_init();
 __UUPSUpgradeable_init();
+ __ReentrancyGuard_init();
 _grantRole(DEFAULT_ADMIN_ROLE, owner);
 _grantRole(ADMIN_ROLE, owner);
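Review bot: `__ReentrancyGuard_init()` is added under the `initializer` modifier in `initialize`, so it will not run on a proxy that was already initialized before this upgrade; the same applies to the matching hunk in `ReserveStaking.initialize`. In OpenZeppelin 5.x the guard rejects a call only when its status equals the entered value, so a zeroed status slot should still behave correctly, but that is worth confirming against the pinned library version rather than assuming. If either contract is already live behind a proxy, either run the init through a reinitializer during the upgrade, e.g. `function reinitialize() external reinitializer(2) onlyRole(ADMIN_ROLE) { __ReentrancyGuard_init(); }` with the next unused version number, or add a `@dev` line on `initialize` stating that the zero default is accepted on upgraded proxies. The body of `initialize` starts and ends outside the hunk.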
@@ -174,7 +176,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
 * @notice Stop the RWAStaking contract by withdrawing all stablecoins
 * @dev Only the admin can withdraw stablecoins from the RWAStaking contract
 */
- function adminWithdraw() external onlyRole(ADMIN_ROLE) {
+ function adminWithdraw() external nonReentrant onlyRole(ADMIN_ROLE) {
 RWAStakingStorage storage $ = _getRWAStakingStorage();
 if ($.endTime != 0) {
 revert StakingEnded();
@@ -198,7 +200,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
 * @param amount Amount of stablecoins to stake
 * @param stablecoin Stablecoin token contract address
 */
- function stake(uint256 amount, IERC20 stablecoin) external {
+ function stake(uint256 amount, IERC20 stablecoin) external nonReentrant {
 RWAStakingStorage storage $ = _getRWAStakingStorage();
 if ($.endTime != 0) {
 revert StakingEnded();
@@ -232,7 +234,7 @@ contract RWAStaking is AccessControlUpgradeable, UUPSUpgradeable {
 * @param amount Amount of stablecoins to withdraw
 * @param stablecoin Stablecoin token contract address
 */
- function withdraw(uint256 amount, IERC20 stablecoin) external {
+ function withdraw(uint256 amount, IERC20 stablecoin) external nonReentrant {
 RWAStakingStorage storage $ = _getRWAStakingStorage();
 if ($.endTime != 0) {
 revert StakingEnded();
diff --git a/staking/src/ReserveStaking.sol b/staking/src/ReserveStaking.sol
index 7cd51e1..adbd612 100644
--- a/staking/src/ReserveStaking.sol
+++ b/staking/src/ReserveStaking.sol
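Review bot: The `nonReentrant` modifier on `adminWithdraw` adds a revert path that the NatSpec above it does not mention, and the diffstat lists only the two contracts, so nothing in this commit exercises the guard; the same holds for `stake` and `withdraw` in this file and for the three matching functions in ReserveStaking.sol. I would add a line such as `@dev Guarded by nonReentrant; a nested call into stake, withdraw or adminWithdraw reverts` to each NatSpec block, plus a regression test that uses a mock token calling back into the contract during transfer and asserts the revert. The guard does not cover view functions, so balances and totals should still be updated before the token transfers. The function bodies continue outside the hunks, so that ordering cannot be confirmed from here.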
@@ -3,6 +3,8 @@ pragma solidity ^0.8.25;
 import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+
+import { ReentrancyGuardUpgradeable } from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
@@ -11,7 +13,7 @@ import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.s
 * @author Eugene Y. Q. Shen
 * @notice Pre-staking contract into the Plume Mainnet Reserve Fund
 */
-contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
+contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable, ReentrancyGuardUpgradeable {
 // Types
@@ -136,6 +138,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
 function initialize(address owner, IERC20 sbtc, IERC20 stone) public initializer {
 __AccessControl_init();
 __UUPSUpgradeable_init();
+ __ReentrancyGuard_init();
 _grantRole(DEFAULT_ADMIN_ROLE, owner);
 _grantRole(ADMIN_ROLE, owner);
@@ -161,7 +164,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
 * @notice Stop the ReserveStaking contract by withdrawing all SBTC and STONE
 * @dev Only the admin can withdraw SBTC and STONE from the ReserveStaking contract
 */
- function adminWithdraw() external nonReentrant onlyRole(ADMIN_ROLE) {
+ function adminWithdraw() external nonReentrant onlyRole(ADMIN_ROLE) {
 ReserveStakingStorage storage $ = _getReserveStakingStorage();
 if ($.endTime != 0) {
 revert StakingEnded();
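Review bot: The empty added line before the `ReentrancyGuardUpgradeable` import splits the OpenZeppelin upgradeable imports into two groups, whereas the same change in RWAStaking.sol places the import directly after `UUPSUpgradeable`. Dropping the blank `+` line would keep the two files consistent and the import block contiguous.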
@@ -184,7 +187,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
 * @param sbtcAmount Amount of SBTC to stake
 * @param stoneAmount Amount of STONE to stake
 */
- function stake(uint256 sbtcAmount, uint256 stoneAmount) external {
+ function stake(uint256 sbtcAmount, uint256 stoneAmount) external nonReentrant {
 ReserveStakingStorage storage $ = _getReserveStakingStorage();
 if ($.endTime != 0) {
 revert StakingEnded();
@@ -231,7 +234,7 @@ contract ReserveStaking is AccessControlUpgradeable, UUPSUpgradeable {
 * @param sbtcAmount Amount of SBTC to withdraw
 * @param stoneAmount Amount of STONE to withdraw
 */
- function withdraw(uint256 sbtcAmount, uint256 stoneAmount) external {
+ function withdraw(uint256 sbtcAmount, uint256 stoneAmount) external nonReentrant {
 ReserveStakingStorage storage $ = _getReserveStakingStorage();
 if ($.endTime != 0) {
 revert StakingEnded();