DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

External function call before the state update

Summary

The _update function calls an external contract (IPerpsEngine) before updating the state. This can allow the external contract to reenter the function and potentially manipulate the state.

Vulnerability Details

The affected code is in AccountNFT.sol:

https://github.com/Cyfrin/2024-07-zaros/blob/main/src/account-nft/AccountNFT.sol

```solidity
function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) {
    address previousOwner = super._update(to, tokenId, auth);
    IPerpsEngine(owner()).notifyAccountTransfer(to, tokenId.toUint128());
    return previousOwner;
}
```

Impact

Calling an external contract before updating the state can lead to reentrancy attacks, where the external contract can call back into the vulnerable function before the state is updated.

Tools Used

Recommendations

Update the state before calling the external contract to prevent reentrancy attacks.

```solidity
function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) {
    // Perform the ERC721 ownership update (state change) first ...
    address previousOwner = super._update(to, tokenId, auth);
    // ... and only then notify the external perps engine.
    IPerpsEngine(owner()).notifyAccountTransfer(to, tokenId.toUint128());
    return previousOwner;
}
```
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
