Summary

The StarklaneEscrow contract allows withdrawals of NFTs through the _withdrawFromEscrow function. However, due to improper state management, an attacker can exploit the contract by using a reentrancy attack, enabling them to withdraw the same NFT multiple times.

Vulnerability Details

The vulnerability exists because the contract's state is not updated before the external call to transfer the NFT. This allows the attacker to re-enter the contract through the fallback function and repeatedly call _withdrawFromEscrow to transfer the same NFT multiple times.

Impact

An attacker can drain the NFT assets from the escrow contract, potentially causing significant financial losses and rendering the contract unusable for its intended purpose.

Tools Used

Manual Review

Recommendations

• Implement the Checks-Effects-Interactions Pattern: Update the contract's state before making any external calls to prevent reentrancy attacks.

• Use Reentrancy Guard: Apply the nonReentrant modifier from OpenZeppelin's ReentrancyGuard to the _withdrawFromEscrow function to prevent reentrant calls.