Submission Details
Severity: high
Invalid

[H-1] Unprotected external call in `ThePredicter::withdraw` (reentrancy)

Summary: `ThePredicter::withdraw` reverts with the `ThePredicter__NotEligibleForWithdraw()` error when the caller is not eligible to withdraw funds. However, the transfer of funds to the user is not protected by the Checks-Effects-Interactions (CEI) pattern, so the call can be re-entered.

Vulnerability Details: ETH can be withdrawn by an arbitrary address because the CEI pattern is not followed. An attacker maps a balance to their smart contract address and gives that contract a fallback function that calls `withdraw`. When `msg.sender.call{value: reward}("")` transfers the valid amount, the fallback function calls `ThePredicter::withdraw` again before the first call has finished, and the balance has not yet been zeroed. This repeats until the contract's funds are drained.

Below is the vulnerable line; the external call is made before state is updated, which enables a reentrancy attack:

```solidity
(bool success, ) = msg.sender.call{value: reward}("");
```

Impact: A reentrancy attack is high severity: an external caller can withdraw the entire balance of the contract.

Tools Used: Slither, Aderyn, VSCode, Foundry.

Recommendations: Proper checks should be in place in the `ThePredicter::withdraw` function. The Checks, Effects, Interactions (CEI) pattern should be followed to prevent such attacks. The changes below apply the CEI pattern in the `ThePredicter::withdrawPredictionFees` function.

An attacker could withdraw funds from the contract through `msg.sender.call{value: fees}("")`. The exploit can be prevented by setting `balances[msg.sender] = 0` before the funds are transferred.

```solidity
// organizer, _length, entranceFee, balances and the lock modifier are
// members of the surrounding contract and are not repeated here.
function withdrawPredictionFees() public lock {
    // Check: only the organizer may withdraw the prediction fees
    if (msg.sender != organizer) {
        revert ThePredicter__NotEligibleForWithdraw();
    }
    uint256 fees = address(this).balance - _length * entranceFee;
    // Note: msg.sender.balance is the caller's own ETH balance, not a contract balance
    if (msg.sender.balance > 0 && fees > 0) {
        // Effect: zero the balance before any external call
        balances[msg.sender] = 0;
        // Interaction: transfer only after state has been updated
        (bool success, ) = msg.sender.call{value: fees}("");
        require(success, "Failed to withdraw");
    }
}
```
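To make the ordering concrete, here is a minimal vulnerable withdraw next to its CEI-ordered, reentrancy-guarded form. This is an added illustration written for this report, not ThePredicter's code; the contract names, the `deposit` function and the `NotEligibleForWithdraw` error are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical error, standing in for ThePredicter__NotEligibleForWithdraw()
error NotEligibleForWithdraw();

// Vulnerable: the interaction (external call) precedes the effect (state write),
// so a fallback in the recipient can re-enter withdraw() while its balance is intact.
contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];           // check
        if (amount == 0) revert NotEligibleForWithdraw();
        (bool success, ) = msg.sender.call{value: amount}(""); // interaction
        require(success, "Failed to withdraw");
        balances[msg.sender] = 0;                        // effect, too late
    }
}

// Hardened: Checks, then Effects, then Interactions; the lock is defence in depth
// so that even a call that re-enters through another function reverts.
contract HardenedVault {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier lock() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external lock {
        uint256 amount = balances[msg.sender];           // check
        if (amount == 0) revert NotEligibleForWithdraw();
        balances[msg.sender] = 0;                        // effect
        (bool success, ) = msg.sender.call{value: amount}(""); // interaction
        require(success, "Failed to withdraw");
    }
}
```

In the hardened version a re-entered `withdraw()` sees a zero balance and reverts at the check, so the guard is never the only line of defence.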
Updates

Lead Judging Commences

NightHawK Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
