Emitting an event after ERC20 transfer is a possible re-entrancy exploit?

haydeny · June 30, 2022, 1:16am

I'm interested to know; I received advice that emit event should be called before erc20 safeTransfer in my contract because of a possible re-entrancy attack. The offending code:

\\ checks
\\ effects
ERC20.safeTransfer(to, amount);
emit Rewarded(to, amount);

should be changed to:

\\ checks
\\ effects
emit Rewarded(to, amount);
ERC20.safeTransfer(to, amount);

I've never heard of event emitting after an erc20 transfer to be a potential security concern. Can anyone enlighten me?

minh_trng · June 30, 2022, 9:58pm

as far as I am aware, emissions of events are not able to trigger functions, so this should not be a reentrancy vector

haydeny · July 1, 2022, 4:40pm

Agreed. If events can't be used to implement anything (balance change, function calls, etc), then there is surely no purpose to a re-entrancy attack targeting safeTransfer if the payoff is to manipulate whatever is happening in an event, I.e. emitting an event.

Topic		Replies	Views
SafeERC20.sol / safeTransfer reentrancy Security	2	2527	June 8, 2022
How does emitting a Transfer event in one contract, triggering the "Token Transfers ERC20" in another contract Smart Contracts erc20 , solidity , etherscan-verify	0	70	July 5, 2024
Is this function vulnerable to a reentrancy attack? Smart Contracts	10	847	August 15, 2022
Does Reentrancy occur only in a contract(A) interacting with another contract(B) with any transfer of ether? Support	2	1255	June 17, 2020
How to use the event Transfer of Interface IBER20 Or IERC20? Contracts erc20 , bep20	2	1871	November 23, 2021

Emitting an event after ERC20 transfer is a possible re-entrancy exploit?

Related topics