Submission Details
Severity: high
Invalid

Potential Reentrancy Vulnerability in `Vault::initVault` Function

[H-2] Potential Reentrancy Vulnerability in Vault::initVault Function

Description:

The `initVault` function initializes the vault, but it lacks protection against reentrancy. The state variable `vaultInitialize` is set to true only after the vault has been initialized, which prevents further calls to the function once it completes. Nothing prevents re-entry while `loveToken::initVault(managerContract)` is still executing.

Impact:

If the `loveToken::initVault(managerContract)` call, or any other code executed within `initVault`, triggers external contract calls or state changes that call back into `initVault`, the function can be re-entered. Reentrancy attacks could allow malicious actors to manipulate the state of the contract in unintended ways, potentially leading to loss of funds or unauthorized access to contract functionality.

PoC
```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.23;

import {BaseTest} from "./BaseTest.t.sol";
import "forge-std/console.sol";
import {Vault} from "../../src/Vault.sol";
import {ILoveToken} from "../../src/interface/ILoveToken.sol";

contract Attacker is BaseTest {
    Vault public vulnerableContract;

    constructor(Vault _vulnerableContract) {
        vulnerableContract = _vulnerableContract;
    }

    address ManagerContractAddress = makeAddr("ManagerContractAddress");

    // Fallback function to reenter the initVault function
    fallback() external {
        if (!vulnerableContract.vaultInitialize()) {
            vulnerableContract.initVault(ILoveToken(address(loveToken)), ManagerContractAddress);
        }
    }

    receive() external payable {
        if (!vulnerableContract.vaultInitialize()) {
            vulnerableContract.initVault(ILoveToken(address(loveToken)), ManagerContractAddress);
        }
    }

    // Function to trigger the attack
    function Attack() public {
        vulnerableContract.initVault(ILoveToken(address(loveToken)), ManagerContractAddress);
    }
}
```
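The ordering issue described above, reduced to a self-contained model; this is an added example, not the contest's `Vault` or `LoveToken` code. `VaultBase`, `VaultFlagAfterCall`, `VaultFlagBeforeCall`, `CallbackToken`, `IToken`, `IVault` and the `initCalls` counter are hypothetical names introduced for illustration, and the token is assumed to call back into its caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.23;

// Hypothetical minimal model; not the contest's Vault or LoveToken code.
interface IToken { function initVault(address manager) external; }
interface IVault { function initVault(IToken token, address manager) external; }

abstract contract VaultBase {
    error Vault__AlreadyInitialized();
    bool public vaultInitialize;
    uint256 public initCalls; // how many times the init body ran
}

// Flag written after the external call: a nested call still sees false
// and passes the guard.
contract VaultFlagAfterCall is VaultBase {
    function initVault(IToken token, address manager) public {
        if (vaultInitialize) revert Vault__AlreadyInitialized();
        initCalls++;
        token.initVault(manager);   // interaction happens before the effect
        vaultInitialize = true;
    }
}

// Checks-Effects-Interactions: the flag is written before the external
// call, so a nested call hits the guard and reverts.
contract VaultFlagBeforeCall is VaultBase {
    function initVault(IToken token, address manager) public {
        if (vaultInitialize) revert Vault__AlreadyInitialized();
        vaultInitialize = true;     // effect first
        initCalls++;
        token.initVault(manager);   // interaction last
    }
}

// Constructed token that calls back into its caller exactly once and
// records whether the nested initVault call went through.
contract CallbackToken is IToken {
    bool private entered;
    bool public reentrySucceeded;

    function initVault(address manager) external {
        if (entered) return;
        entered = true;
        try IVault(msg.sender).initVault(IToken(this), manager) {
            reentrySucceeded = true;
        } catch {}
    }
}
```

To compare the two orderings, deploy each vault, call `initVault` with a fresh `CallbackToken`, then read `initCalls` on the vault and `reentrySucceeded` on the token.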

Recommended Mitigation:

To mitigate the risk of reentrancy attacks, follow the Checks-Effects-Interactions (CEI) pattern: set `vaultInitialize` before making the external call.

function initVault(ILoveToken loveToken, address managerContract) public {
+ if (vaultInitialize) revert Vault__AlreadyInitialized();
+ vaultInitialize = true;
+ loveToken.initVault(managerContract);
- if (vaultInitialize) revert Vault__AlreadyInitialized();
- loveToken.initVault(managerContract);
- vaultInitialize = true;
}
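Review bot: in the `+` lines, `initVault` is still `public` and takes both `loveToken` and `managerContract` from the caller, and nothing in the lines shown restricts who may make that first call. Moving `vaultInitialize = true;` ahead of `loveToken.initVault(managerContract);` closes the callback window but does not address who initializes the vault or with which token. Suggest pairing the reorder with a caller check if one does not already exist elsewhere in the contract, and adding a test in which the token calls back into `initVault` and the nested call reverts with `Vault__AlreadyInitialized`.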
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other