Melted Shadow Otter
High
Although the contract does not directly call external contracts in critical functions, the fee deduction and transfer logic could potentially be exploited if an external contract is involved in the transaction.
I would like to use the nonReentrant modifier from OpenZeppelin's ReentrancyGuard on any function that modifies state and interacts with external contracts.
https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/Numa.sol#L11
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20BurnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "./NumaStore.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; // Import ReentrancyGuard

contract NUMA is
    NumaStore,
    Initializable,
    ERC20Upgradeable,
    ERC20BurnableUpgradeable,
    PausableUpgradeable,
    AccessControlUpgradeable,
    UUPSUpgradeable,
    ReentrancyGuard // Add ReentrancyGuard
{
    // ... existing code ...
}
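An added example, not part of the submission or the Numa code base: how a reentrancy guard is wired into a UUPS-upgradeable token with OpenZeppelin 4.x, where `ReentrancyGuardUpgradeable` is initialized from the initializer because a constructor-initialized guard never writes to proxy storage. The contract `GuardedFeeToken`, the `IFeeReceiverHook` interface, the function `transferWithFee` and the fee fields are hypothetical and assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

// Hypothetical hook: stands in for any external contract called during a transfer.
interface IFeeReceiverHook {
    function onFeeReceived(address from, uint256 fee) external;
}

// Hypothetical contract; names and fee logic are assumptions, not Numa's code.
contract GuardedFeeToken is
    ERC20Upgradeable,
    AccessControlUpgradeable,
    ReentrancyGuardUpgradeable,
    UUPSUpgradeable
{
    uint256 public feeBips; // fee in basis points (assumed unit)
    address public feeReceiver;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() { _disableInitializers(); }

    function initialize(address receiver, uint256 bips) external initializer {
        require(receiver != address(0) && bips <= 10000, "bad fee config");
        __ERC20_init("Guarded", "GRD");
        __AccessControl_init();
        __ReentrancyGuard_init(); // writes the guard status into proxy storage
        __UUPSUpgradeable_init();
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        _mint(msg.sender, 1_000_000 ether);
        feeReceiver = receiver;
        feeBips = bips;
    }

    // Balances are updated first, the external call comes last, and the
    // entry point is guarded so the hook cannot re-enter it.
    function transferWithFee(address to, uint256 amount) external nonReentrant {
        uint256 fee = (amount * feeBips) / 10000;
        _transfer(msg.sender, to, amount - fee);
        _transfer(msg.sender, feeReceiver, fee);
        if (feeReceiver.code.length > 0) {
            IFeeReceiverHook(feeReceiver).onFeeReceived(msg.sender, fee);
        }
    }
    function _authorizeUpgrade(address) internal override onlyRole(DEFAULT_ADMIN_ROLE) {}
}
```

Adding a base contract with state to an already deployed upgradeable contract changes its storage layout, so a layout comparison against the deployed implementation is needed before such an upgrade.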