The Checks-Effects-Interactions (CEI) pattern in Solidity orders a function into three phases: first check preconditions (permissions, arguments, invariants), then apply every state change, and only then interact with external addresses. Because state is already consistent when control leaves the contract, a callee cannot exploit a half-updated contract, which protects the integrity of the contract's accounting.
The Ethereum Virtual Machine has no concurrency: when a contract calls an external address, control passes to that address until the call returns. If the callee is a malicious contract, it can call back into the caller before the original call has finished and act on state that has not yet been updated. This is the reentrancy attack, exploited in the most prominent early Ethereum hack, The DAO exploit of 2016.
The CEI pattern is the standard defence: complete every state update before making any external call, so that a reentrant call sees the already-updated state and fails its checks.
Consider the following LOC:
Plain ERC20 tokens have no transfer hooks and therefore cannot hand control to the recipient, but ERC777 tokens invoke the recipient's tokensReceived hook (and the sender's tokensToSend hook) during a transfer, which gives a contract holder execution mid-transaction. If the token handled by the claim function is an ERC777, a malicious claimant can re-enter claim from the hook before the contract records the payout, letting them drain all the WETH held by the contract.
Manual review
Apply the CEI pattern: zero the claimant's accounting before any token transfer. A reentrancy lock such as OpenZeppelin's ReentrancyGuard on claim is a reasonable additional guard.
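Added illustration of the bug class and the fix (not the audited project's code and not part of the finding): a hypothetical RewardVault whose claim refunds a deposit token and pays a WETH reward. The names RewardVault, depositToken, rewardPerShare and Reenterer are assumptions; the vulnerable and the CEI-ordered claim are shown side by side, together with the ERC777 hook that re-enters the vulnerable one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; not the audited project's code. RewardVault, depositToken,
// rewardPerShare and Reenterer are assumptions that reproduce the bug class.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

abstract contract RewardVaultBase {
    IERC20 public immutable depositToken;    // may be an ERC777 with transfer hooks
    IERC20 public immutable weth;            // plain ERC20, no hooks
    uint256 public immutable rewardPerShare; // WETH wei per deposited token, 1e18-scaled
    mapping(address => uint256) public deposited;

    constructor(IERC20 _depositToken, IERC20 _weth, uint256 _rewardPerShare) {
        depositToken = _depositToken;
        weth = _weth;
        rewardPerShare = _rewardPerShare;
    }

    function deposit(uint256 amount) external {
        require(depositToken.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        deposited[msg.sender] += amount;
    }

    function claim() external virtual;
}

// Vulnerable: interactions before the effect. An ERC777 depositToken calls the
// recipient's tokensReceived() inside transfer(), while deposited[msg.sender]
// is still non-zero, so the hook can call claim() again and be paid again.
contract RewardVaultVulnerable is RewardVaultBase {
    constructor(IERC20 d, IERC20 w, uint256 r) RewardVaultBase(d, w, r) {}

    function claim() external override {
        uint256 shares = deposited[msg.sender];                                   // check
        require(shares > 0, "nothing to claim");
        require(depositToken.transfer(msg.sender, shares), "refund failed");       // interaction (hook fires here)
        require(weth.transfer(msg.sender, shares * rewardPerShare / 1e18), "reward failed"); // interaction
        deposited[msg.sender] = 0;                                                // effect, too late
    }
}

// Hardened with Checks-Effects-Interactions: the balance is zeroed before any
// external call, so a reentrant claim() fails the `shares > 0` check and the
// whole attacking transaction reverts.
contract RewardVaultCEI is RewardVaultBase {
    constructor(IERC20 d, IERC20 w, uint256 r) RewardVaultBase(d, w, r) {}

    function claim() external override {
        uint256 shares = deposited[msg.sender];                                   // check
        require(shares > 0, "nothing to claim");
        deposited[msg.sender] = 0;                                                // effect first
        require(depositToken.transfer(msg.sender, shares), "refund failed");       // interactions last
        require(weth.transfer(msg.sender, shares * rewardPerShare / 1e18), "reward failed");
    }
}

// Attacker: an ERC777 recipient whose tokensReceived() hook re-enters claim().
// Precondition (omitted): the attacker has deposited once via vault.deposit()
// and registered this contract as its ERC777TokensRecipient implementer in the
// ERC1820 registry, which is what makes the token call the hook.
contract Reenterer {
    RewardVaultVulnerable public immutable vault;
    uint256 public rounds;

    constructor(RewardVaultVulnerable _vault) { vault = _vault; }

    function attack() external { vault.claim(); }

    function tokensReceived(address, address, address, uint256, bytes calldata, bytes calldata) external {
        // Bounded so the demo stops before gas runs out; every round is paid in full
        // by the vulnerable vault because deposited[attacker] is never zeroed in between.
        if (rounds < 10) {
            rounds++;
            vault.claim();
        }
    }
}
```

Against RewardVaultVulnerable each reentrant round pays out another refund and another WETH reward from funds belonging to other depositors; against RewardVaultCEI the first reentrant call reverts on "nothing to claim", which unwinds the outer claim as well.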