dacian
medium
Teller should follow the Checks-Effects-Interactions pattern to minimize risk of being hacked by re-entrancy attacks.
CollateralEscrowV1.withdraw() L95-L101 is the most obvious where amount is decremented after transferring the collateral; re-entry is possible if ERC721/1155 is transferred to an external contract. TellerV2._repayLoan() L746-L756 is another place where bid.loanDetails members are set after safeTransferFrom(). Neither of these appear to be exploitable, but Teller should implement the Checks-Effects-Interactions pattern to minimize risk.
Putting effects after interaction invites re-entrancy attacks.
CollateralEscrowV1.withdraw() L95-L101 TellerV2._repayLoan() L746-L756
Manual Review
Implement Checks-Effects-Interactions pattern throughout the codebase to minimize potential re-entrancy attacks