20,000 USDC
Submission Details
Severity: gas
Valid

CEI pattern not followed in multiple functions in Staking.sol

Summary

In Staking.deposit() and Staking.claim(), the CEI pattern is not followed. I am confident that reentrancies due to this are not possible in these functions; however, Solidity best practices should be kept. I am submitting this as informational.

Vulnerability Details

The deposit() function of Staking.sol first performs the transfer of deposit tokens to the staking contract and then makes changes to the state. The claim() function first updates the index for msg.sender, then sends the claimable WETH to msg.sender, and after that sets the changes to the state. Here reentrancy is not possible since the token we are transferring is WETH (we know for sure it is not ERC777) and because token transfers do not require a fallback function to be implemented by the receiver. However, I believe adhering to Solidity best practices is the way to go. This is Informational.

Impact

Not following Solidity best practices

Tools Used

Manual Review

Recommendations

Apply the checks-effects-interactions pattern in the above-mentioned functions.
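A sketch of the recommended ordering for deposit() and claim(), added here as an example and not taken from Staking.sol. The contract name, state variables (`balances`, `supplierIndex`, `claimable`, `index`) and the `_updateFor` helper are assumptions made for illustration; reward accrual that moves `index` is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative only: all names here are hypothetical, not the audited contract's.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract StakingCEISketch {
    IERC20 public immutable depositToken; // assumed staking token
    IERC20 public immutable weth;         // assumed reward token
    uint256 public index;                 // global reward index, scaled by 1e18
    mapping(address => uint256) public balances;
    mapping(address => uint256) public supplierIndex;
    mapping(address => uint256) public claimable;

    constructor(IERC20 _depositToken, IERC20 _weth) {
        depositToken = _depositToken;
        weth = _weth;
    }

    // Internal accounting only, no external calls: settles rewards up to `index`.
    function _updateFor(address user) internal {
        uint256 delta = index - supplierIndex[user];
        supplierIndex[user] = index;
        claimable[user] += (balances[user] * delta) / 1e18;
    }

    function deposit(uint256 amount) external {
        // Checks
        require(amount > 0, "zero amount");
        // Effects: settle rewards and credit the stake before any external call
        _updateFor(msg.sender);
        balances[msg.sender] += amount;
        // Interactions: if the pull fails, the revert undoes the effects above
        require(depositToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function claim() external {
        _updateFor(msg.sender);
        uint256 amount = claimable[msg.sender];
        // Checks
        require(amount > 0, "nothing to claim");
        // Effects: zero the balance before tokens leave the contract
        claimable[msg.sender] = 0;
        // Interactions: a re-entrant claim() would now find claimable == 0
        require(weth.transfer(msg.sender, amount), "transfer failed");
    }
}
```

With this ordering, the safety of both functions no longer depends on the token lacking transfer hooks.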
