Problem: A DeFi yield protocol was two weeks from mainnet launch with $24M in committed TVL. A cross-function reentrancy path bypassed the standard single-function guard — exploitable to drain the protocol in a single transaction.
Solution: Slither flagged a CEI pattern violation as low severity. Manual call-graph tracing identified the cross-function path. Foundry generated a proof-of-concept exploit transaction draining a local fork in one call. Fix: move balance update before external call; add OpenZeppelin ReentrancyGuardTransient. Re-tested to confirm exploit path closed.
Technology: Solidity · Foundry · Slither · OpenZeppelin
Optimisation pattern: single-function-guard-to-cross-function-reentrancy-fix
Outcomes:
Exploit closed before mainnet. Zero user funds at risk. Audit report provided for institutional due diligence. Secondary finding (unchecked ERC-20 return value) also fixed.