Upgrade @openzeppelin/contracts to version 3.4.0-rc.0 or higher.
@openzeppelin/contracts is a library for contract development.
Affected versions of this package are vulnerable to Improper Synchronization via the ERC777 contract. Extending this contract with a custom _beforeTokenTransfer function could allow a reentrancy attack. When burning tokens, _beforeTokenTransfer is invoked before the send hook is called externally on the sender, while token balances are adjusted only afterwards. At the moment of the call to the sender, which can result in reentrancy, state managed by _beforeTokenTransfer may not correspond to the actual token balances or total supply.
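The ordering problem described above, as an added Python model that is not OpenZeppelin's code and not part of the original advisory. All class and attribute names are hypothetical, and the hook-first ordering is an assumption about one way to close the gap, shown only for comparison.

```python
# Constructed Python model (not Solidity, not OpenZeppelin code) of the burn
# ordering described above. All class and attribute names are hypothetical.

class ModelToken:
    def __init__(self, holder, amount, hook_first):
        self.balances = {holder: amount}
        self.total_supply = amount
        # Extension state maintained only by _before_token_transfer:
        # a mirror of total supply, as a custom extension might keep.
        self.tracked_supply = amount
        self.hook_first = hook_first   # False = ordering described in the advisory
        self.sender_hook = None        # stands in for the sender's send hook

    def _before_token_transfer(self, frm, to, amount):
        if to is None:                 # burn: extension updates its bookkeeping
            self.tracked_supply -= amount

    def _call_tokens_to_send(self, frm, amount):
        if self.sender_hook:           # external call: control leaves the token
            self.sender_hook(self, frm, amount)

    def burn(self, frm, amount):
        if self.balances.get(frm, 0) < amount:
            raise ValueError("burn amount exceeds balance")
        if self.hook_first:            # assumed hardened ordering
            self._call_tokens_to_send(frm, amount)
            self._before_token_transfer(frm, None, amount)
        else:                          # ordering described in the advisory
            self._before_token_transfer(frm, None, amount)
            self._call_tokens_to_send(frm, amount)
        # Balances and total supply are adjusted last in both orderings.
        self.balances[frm] -= amount
        self.total_supply -= amount


def observe_burn(hook_first):
    """Burn 40 of 100 tokens; return (tracked, actual) supply seen inside the hook."""
    seen = []
    token = ModelToken("alice", 100, hook_first)
    token.sender_hook = lambda t, frm, amt: seen.append((t.tracked_supply, t.total_supply))
    token.burn("alice", 40)
    # Once the burn completes, both views agree again in either ordering.
    assert token.tracked_supply == token.total_supply == 60
    return seen[0]


if __name__ == "__main__":
    print("advisory ordering  :", observe_burn(hook_first=False))
    print("hook-first ordering:", observe_burn(hook_first=True))
```

With the advisory's ordering the hook sees the extension's bookkeeping already reduced while the real supply is unchanged; any logic that trusts the extension state during that external call is working from inconsistent data.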