MorpheusAI

Foundry

22,500 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Race Condition in manageUsersInPrivatePool Function Leads to Incorrect Deposit/Withdrawal Behavior

recursiveeth

Summary

The vulnerability lies in the Distribution.sol:manageUsersInPrivatePool function, where a race condition can occur if a user's deposited amount is equal to the amount specified in the function call, Then the user is unable to deposit into the private pool due to a conflict in the state of their deposited amount.

Vulnerability Details

When a user's deposited amount is exactly equal to the amount specified in the Distribution.sol:manageUsersInPrivatePool function call, a race condition arises.
If another transaction, such as a Distribution.sol:_stake or Distribution.sol:_withdraw, modifies the user's deposited amount between the time the Distribution.sol:manageUsersInPrivatePool function is called and the loop iterates over the users, the function may behave unexpectedly.
Specifically, if the deposited amount changes to be less than the specified amount due to another transaction, the function may incorrectly attempt to withdraw funds from the user's account, potentially resulting in a loss of funds or DoS for the user.

Impact

when this situation arises, there can be scenario when user wants to deposit but they end up withdrawing there funds and vice versa.

Tools Used

Manual code review

Recommendations

Use mutex locks or other synchronization mechanisms to prevent concurrent access to shared resources.

contract Token {

mapping(address => uint256) public balances;

mapping(address => bool) public isLocked; // Mutex lock for each user

function transferTokens(address _to, uint256 _amount) external {

require(!isLocked[msg.sender], "Token transfer in progress, please wait");

isLocked[msg.sender] = true;

require(balances[msg.sender] >= _amount, "Insufficient balance");

// Transfer tokens

balances[msg.sender] -= _amount;

balances[_to] += _amount;

isLocked[msg.sender] = false; // Release the lock

}

}```

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

22,500 USDC

nSLOC

1,054

21 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.