Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

Reentrancy Vulnerability in withdraw Function Due to Non-Compliance with CEI Pattern

Summary

A potential reentrancy vulnerability has been identified in the withdraw function of the TokenManager.sol contract. The function does not adhere to the Checks-Effects-Interactions (CEI) pattern, which is a best practice for preventing reentrancy attacks. This could allow a malicious actor to repeatedly withdraw funds by re-entering the function before the balance is updated.

Vulnerability Details

The vulnerability lies in the withdraw function, specifically in the sequence of operations performed when transferring tokens. The function transfers tokens to the user before updating their balance, which violates the CEI pattern.

Relevant links

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L137C5-L189C6

Impact

If exploited, this vulnerability could allow an attacker to drain funds from the contract. By repeatedly calling the withdraw function in a reentrancy loop, the attacker could withdraw more tokens than they are entitled to, potentially leading to significant financial losses.

PoC

To exploit this vulnerability, an attacker could deploy a malicious contract that re-enters the withdraw function before the state is updated. The steps would involve:

  1. The attacker calls the withdraw function, triggering the transfer of tokens.

  2. Before the state is updated, the attacker’s contract re-enters the withdraw function, calling it again and allowing additional tokens to be withdrawn.

  3. This process repeats, draining the contract’s balance.

Tools Used

Manual review.

Recommendations

To mitigate the risk of reentrancy attacks, it is recommended to follow the Checks-Effects-Interactions (CEI) pattern: update the user's balance before performing the token transfer. Alternatively, adding a reentrancy guard to the withdraw function would also mitigate this vulnerability.
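The ordering issue the finding describes and the recommended fix, side by side, as an added illustration that is not Tadle's TokenManager code: the vault, its `balances` mapping and the `deposit`/`withdraw` functions are hypothetical, and the OpenZeppelin v5 import paths are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed OpenZeppelin v5 import paths.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical vault shared by both variants below; not the project's contract.
abstract contract VaultBase {
    using SafeERC20 for IERC20;

    // user => token => credited balance
    mapping(address => mapping(address => uint256)) public balances;

    function deposit(address token, uint256 amount) external {
        // Pull first, then credit: the credit reflects tokens already received.
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender][token] += amount;
    }
}

// "Before": the Interaction (transfer) precedes the Effect (balance update).
// If the transferred asset hands control to the recipient during the transfer,
// a nested withdraw still sees the old, un-decremented balance.
contract VaultBefore is VaultBase {
    using SafeERC20 for IERC20;

    function withdraw(address token, uint256 amount) external {
        require(balances[msg.sender][token] >= amount, "insufficient"); // Check
        IERC20(token).safeTransfer(msg.sender, amount);                  // Interaction
        balances[msg.sender][token] -= amount;                           // Effect (too late)
    }
}

// "After": CEI ordering plus a reentrancy guard, as the recommendation suggests.
// The balance is decremented before any external call, and nonReentrant rejects
// any nested call into withdraw while the transfer is in progress.
contract VaultAfter is VaultBase, ReentrancyGuard {
    using SafeERC20 for IERC20;

    function withdraw(address token, uint256 amount) external nonReentrant {
        require(balances[msg.sender][token] >= amount, "insufficient"); // Check
        balances[msg.sender][token] -= amount;                           // Effect
        IERC20(token).safeTransfer(msg.sender, amount);                  // Interaction
    }
}
```

A plain ERC20 `transfer` gives the recipient no execution hook, so the "before" ordering is only reachable for reentrancy when the transferred asset calls back into the recipient (native ETH or a token with transfer hooks); whether such an asset is in scope is the prerequisite any reentrancy claim has to establish.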

Updates

Lead Judging Commences

0xnevi, Lead Judge, over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

[invalid] finding-PreMarkets-reentrancy

Invalid, all [vague generalities](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#vague-generalities) talking about possible reentrancies and afaik, reentrancy is not possible and not proven.
