Submission Details
Severity:
[H-3] `claimSingleReward()` is subject to a reentrancy attack
Summary
The claimSingleReward() function is subject to a re-entry attack because the state of the variable rewardsOwned is updated after an external call.
Vulnerability Details
This function is vulnerable because an attacker can create a contract with a fallback function that calls claimSingleReward(), thereby the balance funds will be cyclically drained into the attacker's contract.
function claimSingleReward(uint256 _index) public {
require(_index <= rewardsOwned[msg.sender].length, "Invalid index");
uint256 value = rewardsOwned[msg.sender][_index].value;
require(value > 0, "No reward to claim");
(bool success,) = payable(msg.sender).call{value: value}("");
require(success, "Transfer failed");
delete rewardsOwned[msg.sender][_index];
}
Impact
Low rate of draining the contract balance, because value collect only a single reward.
Tools Used
Manual code review.
Recommendations
Follow the pattern Checks-Effects-Interactions, update the state of variables before external calls:
function claimSingleReward(uint256 _index) public {
require(_index <= rewardsOwned[msg.sender].length, "Invalid index");
uint256 value = rewardsOwned[msg.sender][_index].value;
require(value > 0, "No reward to claim");
+ delete rewardsOwned[msg.sender][_index];
(bool success,) = payable(msg.sender).call{value: value}("");
require(success, "Transfer failed");
- delete rewardsOwned[msg.sender][_index];
}
Updates
Appeal created
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
`claimSingleReward` reentrancy
Rewards breakdown
nSLOC
86This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.