Reentrancy bugs are detected in Staking::deposit
, Airdrop::claim
, Staking::claimRewards
, Staking::deposit
, and Staking::withdraw
.
Reentrancy in Staking.deposit(uint256) (src/Staking.sol#50-58):
External calls:
- loveToken.balanceOf(address(stakingVault)) == 0 (src/Staking.sol#51)
State variables written after the call(s):
- userStakes[msg.sender] += amount (src/Staking.sol#54)
Reentrancy in Airdrop.claim() (src/Airdrop.sol#51-89):
External calls:
- numberOfDaysInCouple = (block.timestamp - soulmateContract.idToCreationTimestamp(soulmateContract.ownerToId(msg.sender))) / daysInSecond (src/Airdrop.sol#56-59)
- amountAlreadyClaimed >= numberOfDaysInCouple * 10 ** loveToken.decimals() (src/Airdrop.sol#64-65)
- tokenAmountToDistribute = (numberOfDaysInCouple * 10 ** loveToken.decimals()) - amountAlreadyClaimed (src/Airdrop.sol#68-69)
- tokenAmountToDistribute = loveToken.balanceOf(address(airdropVault)) (src/Airdrop.sol#76-78)
Event emitted after the call(s):
- TokenClaimed(msg.sender,tokenAmountToDistribute) (src/Airdrop.sol#82)
Reentrancy in Staking.claimRewards() (src/Staking.sol#70-99):
External calls:
- soulmateId = soulmateContract.ownerToId(msg.sender) (src/Staking.sol#71)
- lastClaim[msg.sender] = soulmateContract.idToCreationTimestamp(soulmateId) (src/Staking.sol#74-76)
- loveToken.transferFrom(address(stakingVault),msg.sender,amountToClaim) (src/Staking.sol#92-96)
Event emitted after the call(s):
- RewardsClaimed(msg.sender,amountToClaim) (src/Staking.sol#98)
Reentrancy in Staking.deposit(uint256) (src/Staking.sol#50-58):
External calls:
- loveToken.balanceOf(address(stakingVault)) == 0 (src/Staking.sol#51)
- loveToken.transferFrom(msg.sender,address(this),amount) (src/Staking.sol#55)
Event emitted after the call(s):
- Deposited(msg.sender,amount) (src/Staking.sol#57)
Reentrancy in Staking.withdraw(uint256) (src/Staking.sol#61-66):
External calls:
- loveToken.transfer(msg.sender,amount) (src/Staking.sol#64)
Event emitted after the call(s):
- Withdrew(msg.sender,amount) (src/Staking.sol#65)
These reentrancies allow manipulation of the order or value of events.
Slither
Apply the check-effects-interactions (CEI) pattern.
Reference: https://docs.soliditylang.org/en/v0.4.21/security-considerations.html#re-entrancy
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.