Missing check ownership of function forwardAll()

Summary

The missing check of owner of this function has reentrancy attack risk. And also everyone can call this function to do forwardAll() if time is required. The only check is block.time should be at least mimimumTickDuration, while it's not enough.

Root Cause

https://github.com/sherlock-audit/2024-11-nounsdao/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/StreamEscrow.sol#L136-L149

If the attacker has the condition of wait time of minimumTickDuration to do reentrancy attack, the forwardAll function will not defend it. And the money will be sent to ethRecipient.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

No response

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

041.md

041.md

Missing check ownership of function forwardAll()

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

041.md

Latest commit

History

041.md

File metadata and controls

Missing check ownership of function forwardAll()

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation