Submission Details
Severity: low
Invalid

Reentrancy in `Dussehra::withdraw()` from sending Ether to arbitrary destination

Summary

Unprotected call to a function sending Ether to an arbitrary address.

Vulnerability Details

```text
External calls:
- (success,None) = msg.sender.call{value: amount}() (src/Dussehra.sol#86)
State variables written after the call(s):
- totalAmountGivenToRam = 0 (src/Dussehra.sol#88)
Dussehra.totalAmountGivenToRam (src/Dussehra.sol#24) can be used in cross function reentrancies:
- Dussehra.killRavana() (src/Dussehra.sol#67-79)
- Dussehra.totalAmountGivenToRam (src/Dussehra.sol#24)
- Dussehra.withdraw() (src/Dussehra.sol#81-89)
```

Impact

The external call is made before `totalAmountGivenToRam` is updated, which exposes the contract to a reentrancy attack.

Tools Used

Slither

Recommendations

Ensure that an arbitrary user cannot withdraw unauthorized funds.
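As an added illustration (not the contest's `Dussehra.sol` and not the submitter's code), the following constructed contracts show the pattern Slither reports above, a payout function that writes state after its external call, beside the same function reordered to the checks-effects-interactions pattern the judge's note recommends. Only the names `totalAmountGivenToRam`, `withdraw` and `killRavana` are taken from the Slither output; the storage layout, the `ram` address, the access check and the function bodies are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the pattern reported by Slither above.
// `totalAmountGivenToRam`, `withdraw` and `killRavana` come from the finding;
// everything else (storage, `ram`, access control, bodies) is hypothetical
// and is NOT the contest's Dussehra.sol.
contract PayoutBeforeEffects {
    address public ram;
    uint256 public totalAmountGivenToRam;

    // Hypothetical setup step: select the recipient and record what is owed.
    function killRavana(address selectedRam) external {
        ram = selectedRam;
        totalAmountGivenToRam = address(this).balance;
    }

    // Interaction before effect: the owed amount is only cleared after the
    // external call, which is exactly what Slither flags as reentrancy.
    function withdraw() external {
        require(msg.sender == ram, "only Ram");
        uint256 amount = totalAmountGivenToRam;
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "transfer failed");
        totalAmountGivenToRam = 0; // state written after the call
    }

    receive() external payable {}
}

// Same function following checks-effects-interactions: the effect (zeroing
// the owed amount) happens before the interaction, so a re-entered call reads
// zero and reverts on the amount check instead of attempting a second send.
// A simple mutex makes the intent explicit and independent of balances.
contract PayoutCEI {
    address public ram;
    uint256 public totalAmountGivenToRam;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function killRavana(address selectedRam) external {
        ram = selectedRam;
        totalAmountGivenToRam = address(this).balance;
    }

    function withdraw() external nonReentrant {
        // Checks
        require(msg.sender == ram, "only Ram");
        uint256 amount = totalAmountGivenToRam;
        require(amount > 0, "nothing to withdraw");
        // Effects
        totalAmountGivenToRam = 0;
        // Interactions
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "transfer failed");
    }

    receive() external payable {}
}
```

In the first contract a re-entered `withdraw` still reads the stale `totalAmountGivenToRam`, so whether the ordering matters depends entirely on the contract holding more than `amount` at that moment; the judge's point below is that it does not, so the low-level call fails and the whole transaction reverts. The CEI version removes that dependency on balances, which is why reordering is the standing recommendation even when the concrete impact is nil.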

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - reentrancy in withdraw

The `withdraw` function sends the given amount to Ram. If the attacker calls the `withdraw` function again before the state variable is changed, the function will revert because there are no more funds in the contract. This reentrancy has no impact for the protocol. It is recommended to follow the CEI pattern, but this is informational.
