A reentrancy vulnerability has been identified in the cancelRegistration function of the ThePredicter contract. This vulnerability allows a malicious actor to exploit the contract by recursively calling the cancelRegistration function before the initial execution completes, potentially leading to unauthorized withdrawal of funds.
The reentrancy vulnerability in the cancelRegistration function can lead to:
- Unauthorized withdrawal of funds.
- Potential depletion of the contract's balance.
- Loss of trust in the contract's security.
Manual review
Either the CEI (Checks - Effects - Interactions) pattern should be followed, or the ReentrancyGuard from the OpenZeppelin library should be used.
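The two recommendations above, shown as an added example that is not the ThePredicter source: the contract name, state variables, status values and the `cancelRegistrationUnsafe` function are hypothetical, and the hand-written `nonReentrant` modifier stands in for OpenZeppelin's ReentrancyGuard. It places the call-before-state-update ordering next to the CEI ordering.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT the ThePredicter source. All names are hypothetical.
contract RegistrationEscrow {
    enum Status { Unknown, Pending, Canceled }

    uint256 public immutable entranceFee;
    mapping(address => Status) public status;
    bool private locked; // minimal guard, same idea as OpenZeppelin's nonReentrant

    constructor(uint256 fee) { entranceFee = fee; }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function register() external payable {
        require(msg.value == entranceFee, "wrong fee");
        require(status[msg.sender] != Status.Pending, "already registered");
        status[msg.sender] = Status.Pending;
    }

    // Vulnerable ordering: the external call runs while status is still Pending,
    // so a receiving contract can re-enter and pass the check again.
    function cancelRegistrationUnsafe() external {
        require(status[msg.sender] == Status.Pending, "not pending");
        (bool ok, ) = msg.sender.call{value: entranceFee}("");
        require(ok, "refund failed");
        status[msg.sender] = Status.Canceled;
    }

    // Hardened: Checks, then Effects, then Interactions, plus the guard.
    function cancelRegistration() external nonReentrant {
        require(status[msg.sender] == Status.Pending, "not pending"); // check
        status[msg.sender] = Status.Canceled;                         // effect
        (bool ok, ) = msg.sender.call{value: entranceFee}("");        // interaction
        require(ok, "refund failed");
    }
}
```

Either measure alone stops the re-entry described here: with CEI the second call fails the status check, and with the guard it fails the lock check.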
Reentrancy of ThePredicter::cancelRegistration allows a malicious user to drain all funds.