The contract contains a reentrancy vulnerability in the _sendEth function, which could allow an attacker to drain the contract's balance during reward distribution. Because the function sends ETH with a low-level call before updating its own state, an attacker can deploy a malicious contract whose receive hook reenters _sendEth, causing unexpected behavior and financial loss.
An attacker deploys a malicious contract that repeatedly calls the _sendEth function, initiating reentrancy and potentially draining the contract's balance.
Remix IDE for smart contract deployment and testing.
Mitigate the reentrancy vulnerability using the checks-effects-interactions pattern: validate inputs first, perform all internal state changes next, and make the external call (the low-level ETH transfer) last, after every state change has been written. Below is an example modification to the _sendEth function:
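The following is an added illustration of the recommended fix, not the audited project's code. The contract name `RewardPoolExample`, the `rewards` mapping, the `fund`/`claim` entry points and the storage layout are assumptions made for this example; the vulnerable variant is shown only for contrast with the checks-effects-interactions version of `_sendEth`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative reward distributor (assumed layout, not the project's contract).
contract RewardPoolExample {
    mapping(address => uint256) public rewards; // pending reward per account
    uint256 private _locked = 1;                // 1 = unlocked, 2 = locked

    // Simple reentrancy guard for the public entry point (defence in depth).
    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    // Accrual is simplified for the example: anyone can credit ETH to an account.
    function fund(address account) external payable {
        rewards[account] += msg.value;
    }

    // VULNERABLE pattern described in the finding (kept only for comparison,
    // not reachable from any public function): the low-level call to the
    // recipient happens before the pending balance is cleared, so a contract
    // recipient can re-enter and be paid the same amount again.
    function _sendEthVulnerable(address payable to) internal {
        uint256 amount = rewards[to];
        require(amount > 0, "nothing to claim");
        (bool ok, ) = to.call{value: amount}(""); // interaction first ...
        require(ok, "transfer failed");
        rewards[to] = 0;                           // ... effect last (too late)
    }

    // FIXED with checks-effects-interactions: check, write storage, then call.
    // A reentrant call now sees rewards[to] == 0 and fails the require.
    function _sendEth(address payable to) internal {
        uint256 amount = rewards[to];             // check
        require(amount > 0, "nothing to claim");
        rewards[to] = 0;                          // effect: zero before paying
        (bool ok, ) = to.call{value: amount}(""); // interaction last
        require(ok, "transfer failed");
    }

    // Public claim path uses the fixed helper plus the guard modifier.
    function claim() external nonReentrant {
        _sendEth(payable(msg.sender));
    }
}
```

The ordering change in `_sendEth` is the actual fix; the `nonReentrant` modifier on `claim` is an independent second layer so that a future refactor that reintroduces an external call before a state write does not silently reopen the issue.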