I was reviewing Dapp-Learning-DAO/Dapp-Learning and found something in security/1-reentrancy/theDAO/contracts/SafeVault1.sol line 17 that might need attention.
(bool success, ) = target.call{value: balances[msg.sender]}("");
Potential reentrancy — external call before state update. If balances are updated after the call, an attacker can drain funds via re-entrant calls.
Worth a look to see if this is accounted for elsewhere — could be a real issue depending on the surrounding context.
I was reviewing Dapp-Learning-DAO/Dapp-Learning and found something in
security/1-reentrancy/theDAO/contracts/SafeVault1.sol line 17that might need attention.(bool success, ) = target.call{value: balances[msg.sender]}("");
Potential reentrancy — external call before state update. If balances are updated after the call, an attacker can drain funds via re-entrant calls.
Worth a look to see if this is accounted for elsewhere — could be a real issue depending on the surrounding context.