Tadle
DeFiFoundry
27,750 USDC
Submission Details
Severity: high
Invalid

Reentrancy in withdraw Function of TokenManager Contract

Summary

The withdraw function in the TokenManager contract is vulnerable to a reentrancy attack. This vulnerability allows malicious users to exploit the contract by repeatedly calling the withdraw function.

Vulnerability Details

The withdraw function performs token transfers, including transfers of native tokens and ERC20 tokens, without implementing a reentrancy guard. A malicious contract could call the withdraw function to withdraw native tokens and, within the same transaction, reenter the withdraw function. This would allow the attacker to drain more tokens than they are entitled to.

    function withdraw(
        address _tokenAddress,
        TokenBalanceType _tokenBalanceType
    ) external whenNotPaused {
        uint256 claimAbleAmount = userTokenBalanceMap[_msgSender()][
            _tokenAddress
        ][_tokenBalanceType];
        IWrappedNativeToken(wrappedNativeToken).withdraw(claimAbleAmount);
        payable(msg.sender).transfer(claimAbleAmount);
        // excerpt; the remainder of the function is not quoted in the submission
    }

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/TokenManager.sol#L137

Impact

A reentrancy attack could result in the attacker draining all native tokens from the pool.

Tools Used

Manual

Recommendations

Use the nonReentrant modifier from the OpenZeppelin ReentrancyGuard contract to prevent reentrancy attacks.
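As an added illustration of the recommendation (example code written for this page, not code from the Tadle repository), the contracts below contrast a withdraw that makes its external calls before clearing the caller's balance with one that applies the checks-effects-interactions order and a nonReentrant guard. The contract names, the claimable mapping and the credit function are assumptions made for the example; the IWrappedNativeToken interface mirrors only the two calls the example needs, and the inline guard reproduces the two-state design of OpenZeppelin's ReentrancyGuard so the example compiles without dependencies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal wrapped-native-token interface (assumption for the example): only the
// deposit and withdraw calls that the vaults below use.
interface IWrappedNativeToken {
    function deposit() external payable;
    function withdraw(uint256 amount) external;
}

// Vulnerable ordering: the external calls (unwrap, then native transfer) run
// before the caller's claimable balance is cleared, so any code executed by the
// receiver during those calls still observes the unchanged balance.
contract VulnerableVault {
    address public immutable wrappedNativeToken;
    mapping(address => uint256) public claimable; // hypothetical accounting

    constructor(address _wrappedNativeToken) {
        wrappedNativeToken = _wrappedNativeToken;
    }

    // Wraps the sent value and credits it to `user` (example helper).
    function credit(address user) external payable {
        IWrappedNativeToken(wrappedNativeToken).deposit{value: msg.value}();
        claimable[user] += msg.value;
    }

    function withdraw() external {
        uint256 amount = claimable[msg.sender];
        IWrappedNativeToken(wrappedNativeToken).withdraw(amount); // interaction
        payable(msg.sender).transfer(amount);                     // interaction
        claimable[msg.sender] = 0;                                // effect, too late
    }

    // Needed so the wrapped-token contract can return native value to the vault.
    receive() external payable {}
}

// Hardened version: balance is zeroed before any external call, a reentrancy
// guard rejects nested entry, and failures of the native transfer revert.
contract HardenedVault {
    address public immutable wrappedNativeToken;
    mapping(address => uint256) public claimable; // hypothetical accounting

    // Two-state guard in the style of OpenZeppelin's ReentrancyGuard; a real
    // project should import and inherit the OpenZeppelin contract instead.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _status = NOT_ENTERED;

    error ReentrantCall();
    error NothingToWithdraw();
    error NativeTransferFailed();

    modifier nonReentrant() {
        if (_status == ENTERED) revert ReentrantCall();
        _status = ENTERED;
        _;
        _status = NOT_ENTERED;
    }

    constructor(address _wrappedNativeToken) {
        wrappedNativeToken = _wrappedNativeToken;
    }

    function credit(address user) external payable {
        IWrappedNativeToken(wrappedNativeToken).deposit{value: msg.value}();
        claimable[user] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = claimable[msg.sender];              // check
        if (amount == 0) revert NothingToWithdraw();
        claimable[msg.sender] = 0;                           // effect, before any call
        IWrappedNativeToken(wrappedNativeToken).withdraw(amount); // interaction
        (bool ok, ) = msg.sender.call{value: amount}("");         // interaction
        if (!ok) revert NativeTransferFailed();
    }

    receive() external payable {}
}
```

Two design points worth noting. First, the guard is a backstop, not a substitute for ordering: zeroing claimable before the external calls is what makes a nested withdraw observe a zero balance even if the guard were absent. Second, payable(...).transfer forwards only a 2300-gas stipend to the recipient; the hardened version uses call instead and relies on the state ordering and the guard for safety, because the stipend's adequacy depends on opcode gas costs that have changed across network upgrades and should not be the mechanism a contract's safety rests on.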

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic