A reentrancy vulnerability exists in the ThePredicter contract's cancelRegistration function. The function makes an external call to msg.sender before updating its state variables, which allows an attacker to re-enter the contract and withdraw more funds than intended.
Location: ThePredicter.cancelRegistration (src/ThePredicter.sol#59-67)
Description: The cancelRegistration function makes an external call to send Ether to msg.sender before updating the state variable playersStatus. Because the status check still passes during the call, the function is vulnerable to reentrancy.
Code Snippet:
State variables written after the call:
    ThePredicter.playersStatus (src/ThePredicter.sol#63)
Functions using ThePredicter.playersStatus:
    ThePredicter.approvePlayer(address) (src/ThePredicter.sol#69-81)
    ThePredicter.cancelRegistration() (src/ThePredicter.sol#59-67)
    ThePredicter.playersStatus (src/ThePredicter.sol#25)
    ThePredicter.register() (src/ThePredicter.sol#43-57)
An attacker can exploit this vulnerability by re-entering cancelRegistration from the fallback of the receiving contract, collecting multiple refunds for a single registration and draining the contract of its funds.
Manual code review
Apply the Checks-Effects-Interactions pattern: ensure that all state changes (effects) occur before any external calls (interactions). For example:
Use reentrancy guards: implement a reentrancy guard using OpenZeppelin's ReentrancyGuard or a similar mechanism.
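The following is an added illustration of the recommended fix and is not code from the ThePredicter repository. The shape of playersStatus (a mapping to a Status enum), the entranceFee variable, and the register function body are assumptions made for the example; only the ordering defect (refund sent before playersStatus is updated) comes from the finding. The vulnerable ordering is kept beside the corrected one so the difference is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the ThePredicter source. playersStatus as a mapping to a
// Status enum, entranceFee, and register() are assumed for illustration.
contract CancelRegistrationExample {
    enum Status { Unknown, Pending, Approved, Canceled }

    mapping(address => Status) public playersStatus; // assumed shape
    uint256 public immutable entranceFee;            // assumed name

    // Minimal reentrancy guard (same idea as OpenZeppelin's ReentrancyGuard).
    uint256 private _locked = 1;
    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    constructor(uint256 fee) {
        entranceFee = fee;
    }

    // Assumed registration flow: pay the fee once, become Pending.
    function register() external payable {
        require(msg.value == entranceFee, "wrong fee");
        require(playersStatus[msg.sender] == Status.Unknown, "already registered");
        playersStatus[msg.sender] = Status.Pending;
    }

    // Ordering as described in the finding: the refund is sent before
    // playersStatus changes, so a receive() hook on msg.sender can call back
    // into this function while the Pending check still passes.
    function cancelRegistrationVulnerable() external {
        require(playersStatus[msg.sender] == Status.Pending, "not pending"); // check
        (bool ok, ) = msg.sender.call{value: entranceFee}("");               // interaction
        require(ok, "refund failed");
        playersStatus[msg.sender] = Status.Canceled;                          // effect (too late)
    }

    // Corrected: Checks, then Effects, then Interactions. A re-entered call
    // now fails the Pending check. The guard is defence in depth on top.
    function cancelRegistration() external nonReentrant {
        require(playersStatus[msg.sender] == Status.Pending, "not pending"); // check
        playersStatus[msg.sender] = Status.Canceled;                          // effect
        (bool ok, ) = msg.sender.call{value: entranceFee}("");               // interaction
        require(ok, "refund failed");
    }
}
```

Either change on its own closes the hole: with the effect moved before the call, a second entry reverts on the status check; with the guard, it reverts on the lock. Keeping both means a later refactor that reorders the body does not silently reopen the issue.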
Reentrancy of ThePredicter::cancelRegistration allows a malicious user to drain all funds.