GMS-2021-16: Storage corruption due to variables overwritten by re-entrancy locks
Background
When attempting to use the v0.2.14 release, @pandadefi discovered an issue using the @nonreentrant decorator.
Impact
Reentrancy protection storage slots get allocated to the same slots as storage variables, leading to the corruption of storage variables when using the @nonreentrant decorator.
Patches
This issue was fixed in v0.2.15 in #2391 and #2379.
Workarounds
Don’t use the @nonreentrant decorator in these versions.
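A defender-side check for the condition described above, as an added example that is not part of the advisory or the project's own code: it flags contract sources that use @nonreentrant and are built with v0.2.14. It assumes the sources are Vyper contracts that may carry a `# @version` pragma; the function name `audit`, the status strings and the sample contracts are constructed for illustration.

```python
import re

# The advisory names v0.2.14 as affected and v0.2.15 as fixed.
# Extend this set if your advisory feed lists further releases.
AFFECTED = {"0.2.14"}

PRAGMA_RE = re.compile(r"^#\s*@version\s+(\S+)", re.MULTILINE)
# Match real decorators only; a commented-out "# @nonreentrant" does not count.
LOCK_RE = re.compile(
    r"^[ \t]*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.MULTILINE)


def audit(source, compiler_version=None):
    """Return (status, lock_keys) for one contract source.

    status is 'no-lock', 'affected', 'not-listed' or 'unknown-version'.
    compiler_version (e.g. from the build environment) overrides the pragma.
    """
    keys = sorted(set(LOCK_RE.findall(source)))
    if not keys:
        return "no-lock", keys  # workaround already in effect
    version = compiler_version
    if version is None:
        m = PRAGMA_RE.search(source)
        # Only an exact pin identifies the compiler; ranges such as ^0.2.0 do not.
        if m and re.fullmatch(r"\d+\.\d+\.\d+", m.group(1)):
            version = m.group(1)
    if version is None:
        return "unknown-version", keys
    status = "affected" if version.lstrip("v") in AFFECTED else "not-listed"
    return status, keys


# Constructed sample contracts (not taken from any real project).
PINNED_AFFECTED = '''# @version 0.2.14
balance_of: public(HashMap[address, uint256])

@external
@nonreentrant("lock")
def withdraw(amount: uint256):
    self.balance_of[msg.sender] -= amount
    send(msg.sender, amount)
'''
PINNED_FIXED = PINNED_AFFECTED.replace("0.2.14", "0.2.15")
UNPINNED = PINNED_AFFECTED.replace("0.2.14", "^0.2.0")
NO_LOCK = PINNED_AFFECTED.replace('@nonreentrant("lock")', '# @nonreentrant("lock")')

if __name__ == "__main__":
    for name in ("PINNED_AFFECTED", "PINNED_FIXED", "UNPINNED", "NO_LOCK"):
        print(name, audit(globals()[name]))
```

A result of 'unknown-version' means the pragma does not pin one release, so the installed compiler version has to be supplied through `compiler_version`.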