confirmReceipt
doesn't implement the nonReentrant modifier.
The contract inherits from ReentrancyGuard
, but doesn't apply the nonReentrant
to confirmReceipt
.
There is a possibility that a reentrancy can happen, though the chances are very slim since the token addresses will be vetted.
Manual review
The chances of something bad happening are very unlikely, but it's still a good idea to implement the nonReentrant
modifier to all functions that have an external call in them.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.