DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in unstake, unstakeVested, unstakeAll, claimReward functions for FjordStaking contract

Line: https://github.com/Cyfrin/2024-08-fjord/blob/6614c7f97f6fb020f1a980215e7579615027ba8e/src/FjordStaking.sol#L449

Functions like unstake, unstakeVested, unstakeAll, claimReward, and completeClaimRequest involve token transfers before the state is fully updated. This could be exploited through a reentrancy attack, where an attacker could re-enter the function before the state changes, potentially draining the contract.

Recommendation: Use the Checks-Effects-Interactions pattern, ensuring state changes occur before external calls (like token transfers). Additionally, consider adding reentrancyGuard using the ReentrancyGuard modifier from OpenZeppelin.
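The ordering that the recommendation refers to, shown as an added example on a hypothetical `ExampleStaking` contract. It is not FjordStaking code and not part of the submission; the contract, its function names and the OpenZeppelin v5 import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal staking vault for illustration only (not FjordStaking).
// Import paths assume OpenZeppelin Contracts v5.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract ExampleStaking is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public staked;

    constructor(IERC20 _token) {
        token = _token;
    }

    function stake(uint256 amount) external nonReentrant {
        staked[msg.sender] += amount;                              // effect
        token.safeTransferFrom(msg.sender, address(this), amount); // interaction
    }

    // Interaction before effect. The balance is still non-zero while the
    // token contract runs, so a token that hands control to the recipient
    // during transfer (for example an ERC-777 style receive hook) lets the
    // recipient call back in and pass the check again. A plain ERC-20
    // transfer makes no call to the recipient, so whether this ordering is
    // reachable depends on the token actually used.
    function unstakeAllUnsafe() external {
        uint256 amount = staked[msg.sender];
        require(amount > 0, "nothing staked");       // check
        token.safeTransfer(msg.sender, amount);      // interaction first
        staked[msg.sender] = 0;                      // effect last
    }

    // Checks-Effects-Interactions plus the nonReentrant modifier: the balance
    // is zeroed before the external call, and a nested call into any
    // nonReentrant function of this contract reverts.
    function unstakeAll() external nonReentrant {
        uint256 amount = staked[msg.sender];
        require(amount > 0, "nothing staked");       // check
        staked[msg.sender] = 0;                      // effect
        token.safeTransfer(msg.sender, amount);      // interaction
    }
}
```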

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
