First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

`withdraw` function is vulnerable to Reentrancy attack

bbash

Summary

withdraw function is vulnerable to Reentrancy attack due to lack of CEI.

Vulnerability Details

https://github.com/Cyfrin/2024-06-Dussehra/blob/main/src/Dussehra.sol#L81-L89

function withdraw() public RamIsSelected OnlyRam RavanKilled {
if (totalAmountGivenToRam == 0) {
revert Dussehra__AlreadyClaimedAmount();
}
uint256 amount = totalAmountGivenToRam;
(bool success, ) = msg.sender.call{value: amount}("");
require(success, "Failed to send money to Ram");
totalAmountGivenToRam = 0;
}

This piece of code does not follow CEI or Checks Effects Interactions and thus it is vulnerable to an attack like the famous Reentrancy attack.
Lack of CEI allows an attacker to reenter into a function before the state changes are made and can cause severe damage to the protocol.

Impact

Reentrancy Attack

Tools Used

Manual Review

Recommendations

Always follow CEI or add a non reentrant modifier.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - reentrancy in withdraw

The `withdraw` function sends the given amount to Ram. If the attacker calls the `withdraw` function again before the state variable is changed, the function will revert because there are no more funds in the contract. This reentrancy has no impact for the protocol. It is recommended to follow the CEI pattern, but this is informational.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.