The current implementation of the protocol has a potential reentrancy vulnerability when a ERC677 or ERC777 token is listed as the underlying token of the CToken.
https://github.com/Tropykus/protocol/blob/c88d0baa0a91235cd61716f3140d07ee9ba7ad4e/contracts/CToken.sol#L1449-L1454
The deployed markets at the moment do not interact with such tokens and are not subject to the vulnerability. A proposal for future listings has been added in the following commit: 97ae23b
https://github.com/Tropykus/protocol/blob/97ae23b3ef15ddadd5f6dd9c6bedf7570beed998/contracts/CToken.sol#L1450-L1455
The current implementation of the protocol has a potential reentrancy vulnerability when a ERC677 or ERC777 token is listed as the underlying token of the CToken.
https://github.com/Tropykus/protocol/blob/c88d0baa0a91235cd61716f3140d07ee9ba7ad4e/contracts/CToken.sol#L1449-L1454
The deployed markets at the moment do not interact with such tokens and are not subject to the vulnerability. A proposal for future listings has been added in the following commit: 97ae23b
https://github.com/Tropykus/protocol/blob/97ae23b3ef15ddadd5f6dd9c6bedf7570beed998/contracts/CToken.sol#L1450-L1455