Beginner Friendly, Foundry, NFT
Submission Details
Severity: low
Invalid

Reentrancy in Dussehra::withdraw()

Summary

The `withdraw` function in the `Dussehra` contract makes an external call before it updates state, which can be exploited by the recipient to reenter the function and attempt multiple withdrawals. This vulnerability arises from the absence of the checks-effects-interactions pattern, which is the standard defence against reentrancy. The

Vulnerability Details

Function affected: `withdraw`
Issue: potential for reentrancy, because an external call is made without following the checks-effects-interactions pattern.
Severity: Critical. Reentrancy attacks can lead to significant financial losses by allowing attackers to drain contract funds.

Impact

Financial loss: an attacker can reenter `withdraw` from the receiving contract's fallback and be paid repeatedly, draining the contract's funds.

Tools Used

Manual Review

Recommendations

Implement the checks-effects-interactions pattern in `withdraw`: perform the checks, update the state that records what is still owed, and only then make the external call. With the owed amount already zeroed before the call, a reentrant call fails the check instead of being paid a second time.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - reentrancy in withdraw

The `withdraw` function sends the given amount to Ram. If the attacker calls the `withdraw` function again before the state variable is changed, the function will revert because there are no more funds in the contract. This reentrancy has no impact on the protocol. It is recommended to follow the CEI pattern, but this is informational.
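The following Solidity file is an added example illustrating both the CEI recommendation above and the judge's observation; it is not the Dussehra contract's code. `PoolNoCEI`, `PoolCEI`, `ReentrantRecipient` and `Demo` are hypothetical stand-ins that I wrote for this page. `PoolNoCEI` has the shape the finding describes (external call, then state update); `PoolCEI` is the same contract with the update moved before the call. The harness lets you fund the pool with an "accounted" amount that the recipient is owed and, optionally, an "unaccounted" amount the pool merely holds, so you can see when the non-CEI shape is harmless and when it is not.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the pattern in the finding, not the Dussehra code.
// One recipient is owed `totalAmount`; withdraw() pays it with an external call.
interface IPool {
    function join() external payable;
    function withdraw() external;
}

// External call BEFORE the state update: the reentrancy shape the finding flags.
contract PoolNoCEI is IPool {
    address public immutable recipient;
    uint256 public totalAmount; // ETH owed to recipient

    error NotRecipient();
    error AlreadyClaimed();

    constructor(address _recipient) { recipient = _recipient; }

    function join() external payable { totalAmount += msg.value; } // accounted ETH
    receive() external payable {}                                  // unaccounted ETH

    function withdraw() external {
        if (msg.sender != recipient) revert NotRecipient();        // checks
        if (totalAmount == 0) revert AlreadyClaimed();
        (bool ok, ) = msg.sender.call{value: totalAmount}("");    // interaction
        require(ok, "transfer failed");
        totalAmount = 0;                                           // effect, too late
    }
}

// Same pool with checks-effects-interactions: the owed amount is zeroed first.
contract PoolCEI is IPool {
    address public immutable recipient;
    uint256 public totalAmount;

    error NotRecipient();
    error AlreadyClaimed();

    constructor(address _recipient) { recipient = _recipient; }

    function join() external payable { totalAmount += msg.value; }
    receive() external payable {}

    function withdraw() external {
        if (msg.sender != recipient) revert NotRecipient();        // checks
        uint256 amount = totalAmount;
        if (amount == 0) revert AlreadyClaimed();
        totalAmount = 0;                                           // effect
        (bool ok, ) = msg.sender.call{value: amount}("");         // interaction
        require(ok, "transfer failed");
    }
}

// Recipient whose receive() hook re-enters withdraw(), bounded to two attempts.
contract ReentrantRecipient {
    address public pool;
    uint256 public attempts;  // nested withdraw() calls tried
    uint256 public reentries; // nested withdraw() calls that succeeded

    function setPool(address _pool) external { pool = _pool; }

    receive() external payable {
        if (attempts < 2) {
            attempts++;
            (bool ok, ) = pool.call(abi.encodeWithSignature("withdraw()"));
            if (ok) reentries++;
        }
    }

    function attack() external returns (bool ok) {
        (ok, ) = pool.call(abi.encodeWithSignature("withdraw()"));
    }
}

// Harness: deploy, fund, attack, report. `accounted` goes through join() and is
// owed to the recipient; `unaccounted` is ETH the pool holds but does not owe.
contract Demo {
    function run(bool useCEI, uint256 accounted, uint256 unaccounted)
        external payable returns (uint256 received, uint256 reentries)
    {
        require(msg.value == accounted + unaccounted, "send accounted + unaccounted");
        ReentrantRecipient r = new ReentrantRecipient();
        IPool pool = useCEI ? IPool(new PoolCEI(address(r))) : IPool(new PoolNoCEI(address(r)));
        r.setPool(address(pool));
        pool.join{value: accounted}();
        if (unaccounted > 0) {
            (bool ok, ) = address(pool).call{value: unaccounted}("");
            require(ok, "funding failed");
        }
        require(r.attack(), "outer withdraw failed");
        return (address(r).balance, r.reentries());
    }
}
```

Calling `Demo.run(false, 1 ether, 0)` with 1 ether reproduces the judge's point: the nested `withdraw` still sees `totalAmount == 1 ether`, but the pool's balance is already zero, so the inner `call{value: ...}` fails, the nested call reverts, and the recipient ends up with exactly 1 ether and zero successful reentries. That safety is incidental, not structural: `run(false, 1 ether, 1 ether)` with 2 ether lets the nested call succeed once and the recipient walks away with 2 ether, because the pool now holds more than it owes. `run(true, 1 ether, 1 ether)` shows the CEI version paying out 1 ether and rejecting the reentry with `AlreadyClaimed` regardless of balance, which is why the pattern is still the right recommendation even where, as here, the current code path happens to have no impact.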
