The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Invalid

Absence of Reentrancy Guard in claimRewards Function

Summary

The claimRewards function in the LiquidationPool contract lacks a proper reentrancy guard, which could expose the contract to potential reentrancy attacks. Reentrancy attacks can occur when an external contract calls back into the contract being executed, leading to unexpected behavior and potential security vulnerabilities.

Vulnerability Details

The claimRewards function is susceptible to reentrancy because it has no reentrancy guard. It iterates over the accepted tokens and pays out each pending reward to the caller, sending ETH rewards through a low-level call to msg.sender. Without a guard, a malicious contract receiving that ETH could call claimRewards again from inside its receive function before the original call finishes, interrupting its execution and causing unexpected state changes.

    function claimRewards() external {
        ITokenManager.Token[] memory _tokens = ITokenManager(tokenManager).getAcceptedTokens();
        for (uint256 i = 0; i < _tokens.length; i++) {
            ITokenManager.Token memory _token = _tokens[i];
            uint256 _rewardAmount = rewards[abi.encodePacked(msg.sender, _token.symbol)];
            if (_rewardAmount > 0) {
                delete rewards[abi.encodePacked(msg.sender, _token.symbol)];
                if (_token.addr == address(0)) {
                    (bool _sent,) = payable(msg.sender).call{value: _rewardAmount}("");
                    require(_sent, "Failed to send ETH reward");
                } else {
                    IERC20(_token.addr).transfer(msg.sender, _rewardAmount);
                }
            }
        }
    }

Impact

The absence of a reentrancy guard exposes the contract to potential reentrancy attacks, allowing malicious actors to manipulate the contract's state and possibly disrupt its intended functionality. This could result in loss of funds or other unexpected consequences.

Tools Used

Manual

Recommendations

Implement a reentrancy guard to protect the claimRewards function. Use a boolean variable to track the reentrancy status and a modifier to ensure that the function cannot be reentered until its execution is complete. Here is an example of a reentrancy guard:

    bool internal locked;

    modifier noReentrant() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }

Apply the noReentrant modifier to the claimRewards function to prevent reentrancy during its execution:

    function claimRewards() external noReentrant {
        // Existing function logic
        // ...
    }

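As an added illustration (not part of this submission or of The Standard's code base), the guard from the recommendation applied to a self-contained copy of claimRewards, together with a receiver contract that tries to call back into the pool while it is being paid. The ITokenManager and IERC20 interfaces, the GuardedPool, StubTokenManager and ReenteringReceiver names, and the credit helper are assumptions made for the example. Note that the original function already deletes the reward before the external call (effects before interactions), so a nested claim would find a zero balance even without the guard; the guard rejects the nested call outright, which is the defence-in-depth the recommendation asks for and is consistent with the informational rating given below.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Example only: minimal interfaces standing in for the project's own.
interface ITokenManager {
    struct Token { bytes32 symbol; address addr; }
    function getAcceptedTokens() external view returns (Token[] memory);
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract GuardedPool {
    address public tokenManager;
    mapping(bytes => uint256) public rewards;

    // Reentrancy guard from the recommendation: the lock is set for the
    // duration of the call and cleared when the body has finished.
    bool internal locked;
    modifier noReentrant() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }

    constructor(address _tokenManager) { tokenManager = _tokenManager; }
    receive() external payable {}

    // Test hook (assumption for the example): credit a reward so that
    // claimRewards has something to pay out.
    function credit(address user, bytes32 symbol, uint256 amount) external {
        rewards[abi.encodePacked(user, symbol)] += amount;
    }

    function claimRewards() external noReentrant {
        ITokenManager.Token[] memory _tokens = ITokenManager(tokenManager).getAcceptedTokens();
        for (uint256 i = 0; i < _tokens.length; i++) {
            ITokenManager.Token memory _token = _tokens[i];
            bytes memory key = abi.encodePacked(msg.sender, _token.symbol);
            uint256 _rewardAmount = rewards[key];
            if (_rewardAmount > 0) {
                // Effect before interaction: the balance is zeroed before any
                // external call, so a nested claim would already see nothing to pay.
                delete rewards[key];
                if (_token.addr == address(0)) {
                    (bool _sent,) = payable(msg.sender).call{value: _rewardAmount}("");
                    require(_sent, "Failed to send ETH reward");
                } else {
                    require(IERC20(_token.addr).transfer(msg.sender, _rewardAmount), "Token transfer failed");
                }
            }
        }
    }
}

// Token manager stub that advertises a single native-ETH entry (addr == 0).
contract StubTokenManager is ITokenManager {
    function getAcceptedTokens() external pure override returns (Token[] memory tokens) {
        tokens = new Token[](1);
        tokens[0] = Token({symbol: "ETH", addr: address(0)});
    }
}

// Receiver that attempts to re-enter claimRewards while its ETH reward is
// being delivered. The nested low-level call returns false because the guard
// reverts with "No re-entrancy"; the receive function itself does not revert,
// so the outer claim completes and pays exactly once.
contract ReenteringReceiver {
    GuardedPool public pool;
    bool public innerCallSucceeded;

    constructor(GuardedPool _pool) { pool = _pool; }

    function claim() external { pool.claimRewards(); }

    receive() external payable {
        (bool ok,) = address(pool).call(abi.encodeWithSelector(GuardedPool.claimRewards.selector));
        innerCallSucceeded = ok; // remains false while the guard is active
    }
}
```

To exercise it in a Hardhat test, deploy StubTokenManager and GuardedPool, fund the pool with ETH, call credit(receiver, "ETH", amount), then call claim() on a deployed ReenteringReceiver: the receiver's balance rises by amount once and innerCallSucceeded() stays false. Removing the noReentrant modifier makes the nested call return true, but the payout is still a single amount because the reward was deleted before the transfer, which is why the guard here is additional hardening rather than the only line of defence.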
Updates

Lead Judging Commences

hrishibhat (Lead Judge), almost 2 years ago

Submission Judgement Published

Invalidated
Reason: Non-acceptable severity
Assigned finding tags: claims-reentrancy, informational/invalid
