From 83c9ba72969ff3dfd6b66acec5134666f8fdf283 Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Mon, 11 Nov 2019 19:12:17 +0300
Subject: [PATCH] nonReentrant guards

---
 contracts/ERC20Mixer.sol | 4 ++--
 contracts/ETHMixer.sol   | 4 ++--
 contracts/Mixer.sol      | 3 ++-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/contracts/ERC20Mixer.sol b/contracts/ERC20Mixer.sol
index 5059102..3dd1cd5 100644
--- a/contracts/ERC20Mixer.sol
+++ b/contracts/ERC20Mixer.sol
@@ -26,12 +26,12 @@ contract ERC20Mixer is Mixer {
     token = _token;
   }
 
-  function _processDeposit() internal {
+  function _processDeposit() internal nonReentrant {
     require(msg.value == 0, "ETH value is supposed to be 0 for ETH mixer");
     _safeErc20TransferFrom(msg.sender, address(this), denomination);
   }
 
-  function _processWithdraw(address payable _recipient, address payable _relayer, uint256 _fee, uint256 _refund) internal {
+  function _processWithdraw(address payable _recipient, address payable _relayer, uint256 _fee, uint256 _refund) internal nonReentrant {
     require(msg.value == _refund, "Incorrect refund amount received by the contract");
 
     _safeErc20Transfer(_recipient, denomination - _fee);
diff --git a/contracts/ETHMixer.sol b/contracts/ETHMixer.sol
index 2996b5e..bc2859b 100644
--- a/contracts/ETHMixer.sol
+++ b/contracts/ETHMixer.sol
@@ -22,11 +22,11 @@ contract ETHMixer is Mixer {
   ) Mixer(_verifier, _denomination, _merkleTreeHeight, _operator) public {
   }
 
-  function _processDeposit() internal {
+  function _processDeposit() internal nonReentrant {
     require(msg.value == denomination, "Please send `mixDenomination` ETH along with transaction");
   }
 
-  function _processWithdraw(address payable _recipient, address payable _relayer, uint256 _fee, uint256 _refund) internal {
+  function _processWithdraw(address payable _recipient, address payable _relayer, uint256 _fee, uint256 _refund) internal nonReentrant {
     // sanity checks
     require(msg.value == 0, "Message value is supposed to be zero for ETH mixer");
     require(_refund == 0, "Refund value is supposed to be zero for ETH mixer");
diff --git a/contracts/Mixer.sol b/contracts/Mixer.sol
index 5b8c9f4..afa740b 100644
--- a/contracts/Mixer.sol
+++ b/contracts/Mixer.sol
@@ -12,12 +12,13 @@
 pragma solidity ^0.5.8;
 
 import "./MerkleTreeWithHistory.sol";
+import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 
 contract IVerifier {
   function verifyProof(bytes memory _proof, uint256[6] memory _input) public returns(bool);
 }
 
-contract Mixer is MerkleTreeWithHistory {
+contract Mixer is MerkleTreeWithHistory, ReentrancyGuard {
   uint256 public denomination;
   mapping(bytes32 => bool) public nullifierHashes;
   // we store all commitments just to prevent accidental deposits with the same commitment