Ancient Fern Cormorant
High
Both in-scope contracts are meant to be upgradable but inherit from the normal version of ReentrancyGuard
Both in-scope contracts are meant to be upgradable but inherit from the non-upgradable version of ReentrancyGuard. This is a big problem because if the contract is upgraded, the storage of ReentrancyGuard will be messed up, leading to unexpected behaviour or to ReentrancyGuard functionality not working properly.
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L8
https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/EthosVouch.sol#L11
Using the non-upgradable version of ReentrancyGuard
The protocol team wants to upgrade the contract with some new variables and functionality
None
None
The ReentrancyGuard functionality won't work as intended.
No response
Use ReentrancyGuardUpgradeable instead of ReentrancyGuard. It has namespaced storage, which will prevent this from happening.
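A pre-upgrade check for the layout problem described above, as an added example that is not part of the original report or the Ethos code base: it compares the sequential storage layout of two implementation versions and flags any variable, including the guard's _status, that the new version no longer keeps in place. The layouts are constructed sample data shaped like the "storage" array of solc's storageLayout output, and every variable name other than _status is hypothetical.

```python
# Added example: constructed data shaped like the "storage" array of solc's
# storageLayout output. All variable names except _status are hypothetical.
def entry(label, slot, type_, offset=0):
    return {"label": label, "slot": str(slot), "offset": offset, "type": type_}

V1 = {"storage": [
    entry("owner", 0, "t_address"),
    entry("_status", 1, "t_uint256"),        # inherited from ReentrancyGuard
    entry("marketCount", 2, "t_uint256"),
]}
# Upgrade that inserts a new variable ahead of the guard's slot.
V2_INSERTED = {"storage": [
    entry("owner", 0, "t_address"),
    entry("feeBps", 1, "t_uint256"),
    entry("_status", 2, "t_uint256"),
    entry("marketCount", 3, "t_uint256"),
]}
# Upgrade that only appends after the last existing variable.
V2_APPENDED = {"storage": V1["storage"] + [entry("feeBps", 3, "t_uint256")]}


def positions(layout):
    """Map label -> (slot, offset, type). Assumes labels are unique."""
    return {e["label"]: (int(e["slot"]), e["offset"], e["type"])
            for e in layout["storage"]}


def diff_layout(old, new):
    """List every way `new` fails to keep the variables of `old` in place."""
    old_pos, new_pos = positions(old), positions(new)
    findings = []
    for label, pos in old_pos.items():
        if label not in new_pos:
            findings.append((label, "removed", pos, None))
        elif new_pos[label] != pos:
            findings.append((label, "moved", pos, new_pos[label]))
    # A new variable landing on a slot an old variable used reads stale data.
    occupied = {(slot, off): label for label, (slot, off, _) in old_pos.items()}
    for label, pos in new_pos.items():
        if label not in old_pos and pos[:2] in occupied:
            findings.append((label, "reuses slot of " + occupied[pos[:2]], None, pos))
    return findings


if __name__ == "__main__":
    for name, layout in (("inserted", V2_INSERTED), ("appended", V2_APPENDED)):
        print(name, diff_layout(V1, layout) or "layout preserved")
```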