TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

TempleGoldStaking::_withdrawFor() is subject to reentrancy

Summary

Vulnerability Details

The _withdrawFor method calls "stakingToken.safeTransfer(toAddress, amount);".

The safeTransfer call to the external token contract (transferring to toAddress) is made before the function has finished updating state, and hence, without proper protection, it could potentially allow reentrancy attacks by calling back into the contract before all internal state is updated.

function _withdrawFor( StakeInfo storage stakeInfo, address staker, address toAddress, uint256 stakeIndex, uint256 amount, bool claimRewards, address rewardsToAddress ) internal updateReward(staker, stakeIndex) {
    ...
    stakingToken.safeTransfer(toAddress, amount);
    emit Withdrawn(staker, toAddress, stakeIndex, amount);
    if (claimRewards) {
        _getReward(staker, rewardsToAddress, stakeIndex);
    }
}

Impact

Loss of funds for users

Tools Used

Recommendations

To mitigate the reentrancy attack, ensure that no external contracts are called until you’ve done all the internal work that needs to be done. This can be achieved by organizing your function like a state machine. This way, you first perform all state changes, and finally, execute the interaction with the external contract.

Alternatively, you can use the Checks-Effects-Interactions pattern, and be sure the Interaction is the last thing you do.

Implementing a mutex or reentrancy guard could also prevent reentrant calls. OpenZeppelin provides a ReentrancyGuard contract just for this purpose, which you can inherit into your contract.
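As an added illustration of the Checks-Effects-Interactions ordering and the OpenZeppelin ReentrancyGuard the recommendation describes (this is example code written for this page, not TempleGold's contract; the contract name, storage layout and import paths are assumptions), a minimal staking vault whose withdraw makes the token transfer its last statement:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Illustrative vault (assumed names, not TempleGold code) showing
/// checks -> effects -> interaction, plus a reentrancy guard as belt and braces.
contract CeiStaking is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable stakingToken;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    event Withdrawn(address indexed staker, address indexed to, uint256 amount);

    constructor(IERC20 token) {
        stakingToken = token;
    }

    /// Assumes a standard (non fee-on-transfer) ERC-20 staking token.
    function stake(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");                 // checks
        balanceOf[msg.sender] += amount;                    // effects
        totalSupply += amount;
        stakingToken.safeTransferFrom(msg.sender, address(this), amount); // interaction
    }

    function withdraw(address to, uint256 amount) external nonReentrant {
        // Checks: validate inputs before touching storage.
        require(amount > 0, "zero amount");
        uint256 bal = balanceOf[msg.sender];
        require(bal >= amount, "insufficient stake");

        // Effects: every storage write completes before any external call,
        // so a receiver hook that re-entered would already see the reduced balance.
        balanceOf[msg.sender] = bal - amount;
        totalSupply -= amount;
        emit Withdrawn(msg.sender, to, amount);

        // Interaction: the external token call is the final statement; the
        // nonReentrant modifier additionally reverts any nested call.
        stakingToken.safeTransfer(to, amount);
    }
}
```

Note that the excerpt quoted in the report elides (with "...") everything that precedes the safeTransfer call, so the excerpt by itself does not show whether the stake accounting is updated before or after the interaction; that ordering is what determines whether the pattern above is already satisfied.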

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
