Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in withdraw Function

Summary

The withdraw function in the ThePredicter contract is susceptible to a reentrancy attack. This vulnerability allows an attacker to repeatedly call the withdraw function before the contract's state is updated, potentially draining the contract's funds.

Vulnerability Details

The withdraw function does not have any reentrancy protection mechanism in place. After the contract transfers the reward to the player, an attacker can create a malicious contract with a fallback function that calls back into the withdraw function. This recursive call can be repeated until the contract's balance is depleted, as the scoreBoard.clearPredictionsCount(msg.sender) update occurs only after the recursive calls have finished.

https://github.com/Cyfrin/2024-07-the-predicter/blob/main/src/ThePredicter.sol#L111-L144

Impact

A successful reentrancy attack can lead to a significant loss of funds for the contract, as the attacker can repeatedly withdraw rewards without fulfilling the eligibility criteria.

Tools Used

Manual review

Recommendations

Use a reentrancy guard (e.g., OpenZeppelin's nonReentrant modifier) to prevent the withdraw function from being called recursively.
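The ordering the submission describes and the guard it recommends, side by side, as an added illustration that is not ThePredicter's code and not part of the submission: the `IScoreBoard` interface, the `UnsafeWithdraw` and `SafeWithdraw` contracts and the fixed `reward` amount are assumptions made for the sketch; only `clearPredictionsCount` is named on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical scoreboard interface for this sketch; not ThePredicter's own code.
interface IScoreBoard {
    function isEligibleForReward(address player) external view returns (bool);
    function clearPredictionsCount(address player) external;
}
// Unsafe ordering: the value transfer (an external call) runs before the state
// change that would fail the eligibility check on a second call, which is the
// window the submission describes.
contract UnsafeWithdraw {
    IScoreBoard public immutable scoreBoard;
    uint256 public immutable reward; // fixed payout, an assumption for brevity
    constructor(IScoreBoard sb, uint256 r) { scoreBoard = sb; reward = r; }
    receive() external payable {}
    function withdraw() external {
        require(scoreBoard.isEligibleForReward(msg.sender), "not eligible"); // check
        (bool ok, ) = msg.sender.call{value: reward}("");                   // interaction
        require(ok, "transfer failed");
        scoreBoard.clearPredictionsCount(msg.sender);                       // effect (too late)
    }
}
// Hand-written mutex equivalent to OpenZeppelin's nonReentrant, so the file
// compiles with no dependencies.
abstract contract ReentrancyGuard {
    uint256 private _status = 1;
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }
}
// Hardened: checks-effects-interactions ordering plus the guard the
// recommendation suggests.
contract SafeWithdraw is ReentrancyGuard {
    IScoreBoard public immutable scoreBoard;
    uint256 public immutable reward;
    constructor(IScoreBoard sb, uint256 r) { scoreBoard = sb; reward = r; }
    receive() external payable {}
    function withdraw() external nonReentrant {
        require(scoreBoard.isEligibleForReward(msg.sender), "not eligible"); // check
        scoreBoard.clearPredictionsCount(msg.sender);                       // effect
        (bool ok, ) = msg.sender.call{value: reward}("");                   // interaction
        require(ok, "transfer failed");
    }
}
```

The modifier alone blocks a second entry into `withdraw`, while moving `clearPredictionsCount` ahead of the call also closes re-entry through any other function that reads the same state.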

Updates

Lead Judging Commences

NightHawK Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
