ThePredicter::withdraw function that could lead to loss of funds

Summary:
The withdraw function in ThePredicter.sol is vulnerable to reentrancy attacks due to violating the Checks-Effects-Interactions pattern, potentially allowing malicious users to withdraw multiple times and unfairly distribute rewards.
Vulnerability Details:
The withdraw function performs state changes before making external calls:
The vulnerability arises because clearPredictionsCount is called before the Ether transfer. A malicious contract could potentially re-enter withdraw during the Ether transfer. The state update occurs before the external call, violating the Checks-Effects-Interactions pattern.
Impact:
Medium. While not directly exposing all funds to risk, this vulnerability could allow multiple withdrawals by a single user, leading to unfair reward distribution and disruption of the protocol's intended functionality.
Tools Used:
Manual Review, Forge testing framework, AI for troubleshooting
Recommended Mitigation:
Implement the CEI pattern:
This re-arranges the function into the correct CEI order. A few other changes are also made to help mitigate the reentrancy vulnerability:
The addition of a new state variable, playerWithdrawals, to track withdrawals.
The removal of the if (reward > 0) check, as it is now handled by the isEligible requirement.
The addition of an event emission for transparency.
Additionally, it would be advised to implement a reentrancy guard using OpenZeppelin's ReentrancyGuard. To do this:
First, import the ReentrancyGuard contract from OpenZeppelin.
Then, make your contract inherit from ReentrancyGuard.
Finally, add the nonReentrant modifier to the withdraw function.
By adding the nonReentrant modifier, the ReentrancyGuard will prevent any reentrant calls to this function, providing an additional layer of protection against reentrancy attacks. This works in conjunction with the Checks-Effects-Interactions pattern to make the function even more secure.
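The following is an added, self-contained illustration of the recommended shape of withdraw (CEI ordering, a playerWithdrawals record, an event, and nonReentrant). It is not ThePredicter's code: the actual reward bookkeeping, the body of clearPredictionsCount, the eligibility rule behind isEligible and the type of playerWithdrawals are not shown in this report, so the versions below are assumptions made only so the example compiles and runs on its own. The OpenZeppelin import path assumes v5 (in v4 it is security/ReentrancyGuard.sol).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Import path assumes OpenZeppelin v5.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract PredicterWithdrawExample is ReentrancyGuard {
    // Assumed reward bookkeeping; the report does not show the real storage layout.
    mapping(address => uint256) public rewards;
    // Named in the report; its type and semantics here are assumptions.
    mapping(address => bool) public playerWithdrawals;
    // Assumed backing state for clearPredictionsCount.
    mapping(address => uint256) public predictionsCount;

    event RewardWithdrawn(address indexed player, uint256 amount);

    error NotEligible();
    error AlreadyWithdrawn();
    error TransferFailed();

    // Lets the contract hold the Ether it pays out in a local test.
    receive() external payable {}

    // Assumed eligibility rule: a player with a non-zero reward is eligible.
    function isEligible(address player) public view returns (bool) {
        return rewards[player] > 0;
    }

    // Assumed effect: reset the player's prediction counter.
    function clearPredictionsCount(address player) internal {
        predictionsCount[player] = 0;
    }

    // nonReentrant blocks any nested call into this function while it is executing.
    function withdraw() external nonReentrant {
        // Checks: eligibility replaces the old `if (reward > 0)` guard,
        // and playerWithdrawals rejects a second withdrawal outright.
        if (!isEligible(msg.sender)) revert NotEligible();
        if (playerWithdrawals[msg.sender]) revert AlreadyWithdrawn();

        // Effects: every storage write happens before the external call,
        // so a re-entered call would already see the withdrawal recorded.
        uint256 reward = rewards[msg.sender];
        rewards[msg.sender] = 0;
        playerWithdrawals[msg.sender] = true;
        clearPredictionsCount(msg.sender);
        emit RewardWithdrawn(msg.sender, reward);

        // Interaction: the Ether transfer is the last thing the function does.
        (bool ok, ) = msg.sender.call{value: reward}("");
        if (!ok) revert TransferFailed();
    }
}
```

In a Forge test the relevant assertion is that a receiver contract whose receive() calls withdraw() again gets its second call reverted (by nonReentrant, and independently by the AlreadyWithdrawn check), and that the contract's balance drops by exactly one reward.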