Fjord Token Staking
Fjord
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Reentrancy Attack in FjordAuction::unbid()

sidhack3r11

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol

The unbid() function allows users to withdraw part or all of their bids before the auction ends. Like claimTokens(), it is vulnerable to reentrancy attacks because it transfers FjordPoints to the user before updating the internal state (bids[msg.sender] and totalBids). An attacker could exploit this by repeatedly calling unbid() and withdrawing more FjordPoints than they initially bid.

Vulnerability Details

Impact

Financial Loss: An attacker could withdraw more FjordPoints than they deposited, leading to financial losses for the contract.

Auction Disruption: The total bid amount (totalBids) could be manipulated, impacting the outcome of the auction.

Tools Used

Manual Review

Recommendations

Apply the nonReentrant modifier to the unbid() function to prevent reentrancy attacks

contract FjordAuction is ReentrancyGuard {
function unbid(uint256 amount) external nonReentrant {
if (block.timestamp > auctionEndTime) {
revert AuctionAlreadyEnded();
}
uint256 userBids = bids[msg.sender];
if (userBids == 0) {
revert NoBidsToWithdraw();
}
if (amount > userBids) {
revert InvalidUnbidAmount();
}
bids[msg.sender] = userBids.sub(amount); // Update state before external call
totalBids = totalBids.sub(amount);
fjordPoints.transfer(msg.sender, amount); // External call
emit BidWithdrawn(msg.sender, amount);
}
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.