The Tsender.huff contract includes two primary functions: airdropERC20 and areListsValid. The airdropERC20 function is designed to distribute a specified total amount of ERC20 tokens to multiple recipients. However, this function does not implement any safeguards against reentrancy attacks.
The vulnerability lies in the absence of a reentrancy guard in the airdropERC20 function. Here’s a simplified version of the critical section:
1: The attacker deploys a malicious contract that calls the airdropERC20 function and includes a fallback function or another function that reenters airdropERC20.
2: The attacker initiates the airdrop with their malicious contract as one of the recipients.
3: Reentrancy Execution:
   - The airdrop contract transfers tokens to the attacker’s contract.
   - The attacker’s contract’s fallback function calls airdropERC20 again before the initial execution is complete.
   - This process repeats, allowing the attacker to transfer more tokens than intended.
1: The attacker can repeatedly reenter the airdropERC20 function to transfer more tokens than intended.
2: Legitimate recipients may not receive their tokens as the attacker could exhaust the available tokens.
Manual Review
To prevent reentrancy attacks, the contract should implement a reentrancy guard. This involves using a storage variable to track the state of execution and ensuring no reentrant calls can occur during critical operations.
Recommended Code Change
Summary of Changes
Added a constant REENTRANCY_GUARD_SLOT to define a specific storage slot for tracking the reentrancy state.
Implemented the NON_REENTRANT macro to check and set the reentrancy guard at the beginning of the airdropERC20 function.
Implemented the RESET_REENTRANCY_GUARD macro to reset the reentrancy guard after the critical operations are complete.
Updated the AIRDROP_ERC20 macro to use the NON_REENTRANT and RESET_REENTRANCY_GUARD macros, ensuring reentrancy protection during the execution of the function.
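An added example of how the guard described in the summary above can be written in Huff. This is illustrative code, not the Tsender.huff source from the contest repository; the UNLOCKED/LOCKED values, the label names and the elided airdrop body are assumptions.

```huff
// Storage slot reserved for the reentrancy flag. FREE_STORAGE_POINTER()
// hands out the next unused slot at compile time, so it cannot collide
// with other storage the contract declares the same way.
#define constant REENTRANCY_GUARD_SLOT = FREE_STORAGE_POINTER()

// Lock states (assumed values). Both are non-zero so that, after the first
// call, every SSTORE is a non-zero -> non-zero write, which is cheaper than
// toggling between zero and non-zero. A fresh contract holds 0, which is
// treated as unlocked because it is not equal to LOCKED.
#define constant UNLOCKED = 0x01
#define constant LOCKED   = 0x02

// Entry check: revert if the guard is already set, otherwise set it.
#define macro NON_REENTRANT() = takes (0) returns (0) {
    [REENTRANCY_GUARD_SLOT] sload          // [state]
    [LOCKED] eq iszero                     // [state != LOCKED]
    not_locked jumpi                       // []  jump when the guard is free
    0x00 0x00 revert                       // reentrant call detected
    not_locked:
        [LOCKED] [REENTRANCY_GUARD_SLOT] sstore   // []  take the lock
}

// Exit step: release the guard. Must run on every non-reverting exit path;
// a revert rolls the SSTORE back on its own.
#define macro RESET_REENTRANCY_GUARD() = takes (0) returns (0) {
    [UNLOCKED] [REENTRANCY_GUARD_SLOT] sstore
}

// The airdrop entry point wrapped with the guard. The token-distribution
// loop of the original macro is not reproduced here (assumed body).
#define macro AIRDROP_ERC20() = takes (0) returns (0) {
    NON_REENTRANT()
    // ... existing recipient loop and ERC20 transfer calls ...
    RESET_REENTRANCY_GUARD()
    stop
}
```

Any other externally reachable macro that could be reentered from the same external calls should invoke the same NON_REENTRANT/RESET pair so that a single flag protects the whole contract.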