Lesson 18: Slither Testing nonReentrant Function

[Nlferu]

Hello Guys,

I have came up with an idea to fix our Reentrancy.sol contract as below:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// This is the age-old reentrancy attack that should make you squirm when you see it
// https://solidity-by-example.org/hacks/re-entrancy/ for full example
// Follow https://twitter.com/programmersmart

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract EtherStore is ReentrancyGuard {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 balance = balances[msg.sender];
        require(balance > 0);
        (bool success, ) = msg.sender.call{value: balance}("");
        require(success, "Failed to send Ether");
        balances[msg.sender] = 0;
    }

    // Helper function to check the balance of this contract
    function getBalance() external view returns (uint256) {
        return address(this).balance;
    }
}

// How could you make a contract that exploits this?

So basically we are using ReentrancyGuard here to prevent this vulnerability but after testing it with Slither it still says Reentrancy in EtherStore.withdraw() like nothing would changed. Any idea why is that? Slither is not implementing reentrancy guard or he is just pointing us that there is reentrancy in this function and we should cover it with ReentrancyGuard?

I have also came up with Slither catching errors in ERC721A, which in my opinion is a bit ridiculous as a lot of protocols using it...
Any idea why Slither is yelling like below on ERC721A? Is it safe to use ERC721A and Slither is just wrong or there are vulnerabilities for real?

[Nlferu]

@PatrickAlphaC
Sorry to bother you, but as you are currently the expert of smart contract security your feedback here would be much appreciated!

[PatrickAlphaC]

Could you ask the question about ERC721A on stack exchange ETH or Peeranha?

Thanks!

Per the fix, yes! That would work great!