See below...
The claimFertilized function interacts with external contracts and performs token transfers. Although it doesn't directly expose sensitive state changes before the external calls, it's susceptible to reentrancy attacks if any of the external contracts or the LibTransfer library contains functions that can call back into the contract being executed. Let's examine the code snippet:
This function is responsible for allowing users to claim fertilized tokens. It interacts with the C.fertilizer() and C.bean() contracts to update balances and transfer tokens, respectively. However, if any of these external contracts implement functions that can trigger callbacks to the claimFertilized function while it's in an inconsistent state, a reentrancy attack can occur. This could potentially lead to unexpected behavior and loss of funds.
The impact of a successful recursive call in the claimFertilized function could result in unauthorized transfers of tokens, manipulation of balances, and potentially financial losses for affected users.
Manual
Follow the "Checks-Effects-Interactions" pattern, where state changes are made before interacting with external contracts.
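The ordering described above, as an added illustration rather than Beanstalk's own code: the contract, its `claimable` mapping, the `credit` helper and the `IERC20` interface are hypothetical stand-ins for the fertilizer bookkeeping and the bean transfer, shown once with the effect after the interaction and once in Checks-Effects-Interactions order with a reentrancy guard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token surface; the transfer is the external
// "interaction" that may hand control to another contract.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract ClaimExample {
    IERC20 public immutable token;
    address public immutable owner;
    // Stand-in for per-user claimable balance (not Beanstalk's storage).
    mapping(address => uint256) public claimable;
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    constructor(IERC20 _token) {
        token = _token;
        owner = msg.sender;
    }

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Illustrative funding path so the example is self-contained.
    function credit(address who, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        claimable[who] += amount;
    }

    // Unsafe ordering, kept only for contrast: the interaction runs while
    // claimable[msg.sender] still holds the old value, so a callback that
    // re-enters sees an inconsistent state.
    function claimUnsafe() external {
        uint256 amount = claimable[msg.sender];                    // check
        require(amount > 0, "nothing to claim");
        require(token.transfer(msg.sender, amount), "transfer failed"); // interaction
        claimable[msg.sender] = 0;                                 // effect (too late)
    }

    // Checks-Effects-Interactions: state is settled before the external
    // call, and the guard makes any nested entry revert.
    function claim() external nonReentrant {
        uint256 amount = claimable[msg.sender];                    // check
        require(amount > 0, "nothing to claim");
        claimable[msg.sender] = 0;                                 // effect
        require(token.transfer(msg.sender, amount), "transfer failed"); // interaction
    }
}
```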