Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

claim function vulnerability

Summary

claim function vulnerability

Vulnerability Details

The claim function calls an external contract (LOCKUP_TRANCHED.createWithDurations) after state changes. There is minimal validation of inputs in functions like claim.

Impact

Could potentially allow for reentrancy attacks if the called contract is malicious or compromised. Minimal validation of input can lead to unexpected behavior and potential exploits.

Tools Used

MythX, Mythril

Recommendations

  • Adding comprehensive input validations.

  • Using the Checks-Effects-Interactions pattern, where interactions with other contracts are made last.

The claim function should be written like this:

function claim(
    uint256 index,
    address recipient,
    uint128 amount,
    bytes32[] calldata merkleProof
) external override returns (uint256 streamId) {
    // Checks
    require(recipient != address(0), "Recipient cannot be zero address");
    require(amount > 0, "Amount must be greater than zero");
    bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(index, recipient, amount))));
    _checkClaim(index, leaf, merkleProof);
    // Effects
    LockupTranched.TrancheWithDuration[] memory tranches = _calculateTranches(amount);
    _claimedBitMap.set(index);
    // Interactions
    streamId = LOCKUP_TRANCHED.createWithDurations(
        LockupTranched.CreateWithDurations({
            sender: admin,
            recipient: recipient,
            totalAmount: amount,
            asset: ASSET,
            cancelable: CANCELABLE,
            transferable: TRANSFERABLE,
            tranches: tranches,
            broker: Broker({ account: address(0), fee: ZERO })
        })
    );
    emit Claim(index, recipient, amount, streamId);
}
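The recommendation above rests on the Checks-Effects-Interactions ordering: validate inputs and the proof, record the claim, and only then call out to another contract. The following stand-alone contract is an added illustration of that ordering in a generic Merkle-proof claim flow; it is not Sablier's code and not part of the submission. The `IStreamCreator` interface, the claim-bitmap layout and the sorted-pair proof verification are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Sablier's code): a minimal Merkle-proof claim contract that follows
// Checks-Effects-Interactions. IStreamCreator stands in for whatever external contract the
// claim ultimately calls; its name and signature are assumptions for this illustration.
interface IStreamCreator {
    function createStream(address recipient, uint128 amount) external returns (uint256 streamId);
}

contract ClaimExample {
    bytes32 public immutable MERKLE_ROOT;
    IStreamCreator public immutable STREAM_CREATOR;

    // One bit per leaf index, packed 256 indices per storage word.
    mapping(uint256 => uint256) private _claimedBitMap;

    event Claim(uint256 indexed index, address indexed recipient, uint128 amount, uint256 streamId);

    error ZeroRecipient();
    error ZeroAmount();
    error AlreadyClaimed(uint256 index);
    error InvalidProof();

    constructor(bytes32 merkleRoot, IStreamCreator streamCreator) {
        MERKLE_ROOT = merkleRoot;
        STREAM_CREATOR = streamCreator;
    }

    function isClaimed(uint256 index) public view returns (bool) {
        uint256 word = _claimedBitMap[index / 256];
        uint256 mask = uint256(1) << (index % 256);
        return (word & mask) == mask;
    }

    function claim(
        uint256 index,
        address recipient,
        uint128 amount,
        bytes32[] calldata merkleProof
    ) external returns (uint256 streamId) {
        // Checks: input validation and proof verification, all before any state change.
        if (recipient == address(0)) revert ZeroRecipient();
        if (amount == 0) revert ZeroAmount();
        if (isClaimed(index)) revert AlreadyClaimed(index);
        // Double hashing of the leaf prevents second-preimage confusion between leaves and inner nodes.
        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(index, recipient, amount))));
        if (!_verify(merkleProof, leaf)) revert InvalidProof();

        // Effects: record the claim before touching any other contract. This is the line whose
        // position matters: if it came after the external call, a callee that called back into
        // claim() with the same index would still see isClaimed(index) == false.
        _claimedBitMap[index / 256] |= uint256(1) << (index % 256);

        // Interactions: the external call goes last, so any re-entry observes the claim as already set.
        streamId = STREAM_CREATOR.createStream(recipient, amount);

        emit Claim(index, recipient, amount, streamId);
    }

    // Sorted-pair Merkle proof verification (the same scheme OpenZeppelin's MerkleProof.verify uses).
    function _verify(bytes32[] calldata proof, bytes32 leaf) internal view returns (bool) {
        bytes32 computed = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            bytes32 sibling = proof[i];
            computed = computed < sibling
                ? keccak256(abi.encodePacked(computed, sibling))
                : keccak256(abi.encodePacked(sibling, computed));
        }
        return computed == MERKLE_ROOT;
    }
}
```

The point to check when reviewing any claim-style function is the relative order of the bitmap write and the external call, not merely the presence of input checks: with the write first, re-entry is harmless because the duplicate-claim check already fails, and the `require` statements on recipient and amount only add defence in depth on top of what the Merkle leaf already commits to.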
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
