The functions Airdrop::claim, Staking::claimRewards, and Vault::initVault are vulnerable to reentrancy attacks.
Reentrancy in Airdrop::claim (src/Airdrop.sol#51-89):
External calls:
- numberOfDaysInCouple = (block.timestamp - soulmateContract.idToCreationTimestamp(soulmateContract.ownerToId(msg.sender))) / daysInSecond (src/Airdrop.sol#56-59)
- amountAlreadyClaimed >= numberOfDaysInCouple * 10 ** loveToken.decimals() (src/Airdrop.sol#64-65)
- tokenAmountToDistribute = (numberOfDaysInCouple * 10 ** loveToken.decimals()) - amountAlreadyClaimed (src/Airdrop.sol#68-69)
- tokenAmountToDistribute = loveToken.balanceOf(address(airdropVault)) (src/Airdrop.sol#76-78)
State variables written after the call(s):
- _claimedBy[msg.sender] += tokenAmountToDistribute (src/Airdrop.sol#80)
Airdrop._claimedBy (src/Airdrop.sol#26) can be used in cross function reentrancies:
- Airdrop.claim() (src/Airdrop.sol#51-89)
Reentrancy in Staking::claimRewards (src/Staking.sol#70-99):
External calls:
- soulmateId = soulmateContract.ownerToId(msg.sender) (src/Staking.sol#71)
- lastClaim[msg.sender] = soulmateContract.idToCreationTimestamp(soulmateId) (src/Staking.sol#74-76)
State variables written after the call(s):
- lastClaim[msg.sender] = block.timestamp (src/Staking.sol#87)
Staking.lastClaim (src/Staking.sol#26) can be used in cross function reentrancies:
- Staking.claimRewards() (src/Staking.sol#70-99)
- Staking.lastClaim (src/Staking.sol#26)
Reentrancy in Vault::initVault(ILoveToken,address) (src/Vault.sol#27-31):
External calls:
- loveToken.initVault(managerContract) (src/Vault.sol#29)
State variables written after the call(s):
- vaultInitialize = true (src/Vault.sol#30)
Vault.vaultInitialize (src/Vault.sol#18) can be used in cross function reentrancies:
- Vault.initVault(ILoveToken,address) (src/Vault.sol#27-31)
- Vault.vaultInitialize (src/Vault.sol#18)
Reentrancy vulnerabilities ultimately result in the loss of funds in the vault.
Tool used: Slither
Apply the checks-effects-interactions (CEI) pattern: write the state variables before making the external calls.
Reference: https://docs.soliditylang.org/en/v0.4.21/security-considerations.html#re-entrancy
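The reordering that CEI asks for, shown on Vault::initVault as an added sketch (not the project's src/Vault.sol). Only the loveToken.initVault(managerContract) call and the vaultInitialize write come from the Slither output above; the already-initialized guard, the error name, the contract names and the pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumed compiler version

// Assumed minimal interface: only the call that appears in the Slither output.
interface ILoveToken {
    function initVault(address managerContract) external;
}

error AlreadyInitialized(); // hypothetical error name

// Ordering reported by Slither: the external call runs first and the
// flag is written afterwards (src/Vault.sol#29 then #30).
contract VaultFlaggedOrder {
    bool public vaultInitialize;

    function initVault(ILoveToken loveToken, address managerContract) public {
        if (vaultInitialize) revert AlreadyInitialized(); // check (assumed guard)
        loveToken.initVault(managerContract);             // interaction
        // If the call above re-enters initVault, the guard still reads
        // false because the flag has not been written yet.
        vaultInitialize = true;                           // effect, too late
    }
}

// CEI ordering: the flag is set before control leaves the contract,
// so a nested call hits the guard and reverts.
contract VaultCeiOrder {
    bool public vaultInitialize;

    function initVault(ILoveToken loveToken, address managerContract) public {
        if (vaultInitialize) revert AlreadyInitialized(); // check (assumed guard)
        vaultInitialize = true;                           // effect
        loveToken.initVault(managerContract);             // interaction
    }
}
```

If the external call reverts, the whole transaction reverts and the flag write is rolled back with it, so setting the flag first does not leave the vault marked as initialized after a failed call.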