High-severity reentrancy vulnerability in the _claimPlenty function of the Silo contract. The vulnerability arises from an external call to sopToken.safeTransfer preceding the modification of state variables, potentially exposing the contract to reentrancy attacks.
The vulnerability stems from the sequence of operations in the _claimPlenty function, where tokens are transferred using sopToken.safeTransfer before s.a[account].sop.plenty is deleted. This order of operations opens up the possibility of reentrancy attacks: the external call hands control to the recipient, who can re-enter the function before the delete operation has executed.
Exploit Scenario with fallback function:
The impact of this vulnerability is substantial, warranting a "High" severity rating. A successful exploitation of the reentrancy vulnerability in the _claimPlenty function could lead to severe consequences. An attacker could manipulate the contract's state during execution, potentially resulting in unauthorized access to funds, unexpected contract behavior, or even a complete compromise of the contract's integrity. Considering the financial nature of the transactions involved, the potential for significant loss is high.
Manual Review
Change the order of operations to avoid reentrancy: delete s.a[account].sop.plenty before calling sopToken.safeTransfer (checks-effects-interactions), so that a re-entrant call observes the cleared state.
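As an added illustration that is not the Silo's own code, a simplified stand-in showing the ordering the finding describes beside the recommended ordering; the contract names, the `plenty` mapping (standing in for s.a[account].sop.plenty) and the OpenZeppelin imports are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical stand-in for the Silo's plenty accounting (not the project's code).
// `plenty[account]` plays the role of s.a[account].sop.plenty.
abstract contract PlentyBase {
    using SafeERC20 for IERC20;

    IERC20 public immutable sopToken;
    mapping(address => uint256) public plenty;

    constructor(IERC20 token) { sopToken = token; }

    function _pay(address account, uint256 amount) internal {
        sopToken.safeTransfer(account, amount);
    }
}

// BEFORE: interaction before effect, the ordering the finding describes.
contract PlentyVulnerable is PlentyBase {
    constructor(IERC20 token) PlentyBase(token) {}

    function claimPlenty() external { _claimPlenty(msg.sender); }

    function _claimPlenty(address account) internal {
        uint256 amount = plenty[account];
        // External call first. If sopToken runs recipient hooks (an ERC777-style
        // token, for instance), the recipient regains control here while
        // plenty[account] still holds the unclaimed amount.
        _pay(account, amount);
        delete plenty[account];   // cleared only after the call returns
    }
}

// AFTER: checks-effects-interactions, plus a reentrancy guard as defence in depth.
contract PlentyHardened is PlentyBase, ReentrancyGuard {
    constructor(IERC20 token) PlentyBase(token) {}

    function claimPlenty() external nonReentrant { _claimPlenty(msg.sender); }

    function _claimPlenty(address account) internal {
        uint256 amount = plenty[account];
        if (amount == 0) return;  // nothing to pay; also short-circuits a re-entrant call
        delete plenty[account];   // effect first: any re-entrant call now reads 0
        _pay(account, amount);    // interaction last
    }
}
```

The guard is not a substitute for the reordering; the state update before the external call is what closes the window, and the guard only rejects nested calls into functions that carry it.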