Reentrancy attack in `refund` function
Summary
The refund function is vulnerable to reentrancy attacks, as it can invoke the sendValue function multiple times.
Vulnerability Details
The refund function does not adhere to the checks-effects-interactions pattern, which could allow an attacker to steal funds from the contract.
Impact
This vulnerability allows anyone to create a malicious smart contract that can invoke the refund function multiple times using the fallback or receive functions. Because the refund function doesn't follow the checks-effects-interactions pattern, the contract can send the entranceFee multiple times without changing the state of players[playerIndex] to address(0).
Tools Used
Manual Review
Recommendations
-
To fix the bug and ensure the function follows the checks-effects-interactions pattern, move the line
players[playerIndex] = address(0);before the linepayable(msg.sender).sendValue(entranceFee);. -
Implement the use of
ReentrancyGuard.soland apply thenonReentrantmodifier to protect the function from reentrancy attacks.
Lead Judging Commences
reentrancy-in-refund
reentrancy in refund() function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.