I was reviewing Dapp-Learning-DAO/Dapp-Learning and found something in basic/20-flash-loan/aave/contracts/aave/FlashLoanReceiverBase.sol line 34 that might need attention.
(bool success, ) = _destination.call{value: _amount}('');
Potential reentrancy — external call before state update. If balances are updated after the call, an attacker can drain funds via re-entrant calls.
Worth a look to see if this is accounted for elsewhere — could be a real issue depending on the surrounding context.
I was reviewing Dapp-Learning-DAO/Dapp-Learning and found something in
basic/20-flash-loan/aave/contracts/aave/FlashLoanReceiverBase.sol line 34that might need attention.(bool success, ) = _destination.call{value: _amount}('');
Potential reentrancy — external call before state update. If balances are updated after the call, an attacker can drain funds via re-entrant calls.
Worth a look to see if this is accounted for elsewhere — could be a real issue depending on the surrounding context.