The function `claimSingleReward()` suffers from reentrancy, meaning a malicious smart contract can reenter the functions and withdraw all funds.
A user deploys a malicious smart contract that will buy a box and open it until it gets one with a prize
User call malicious smart contracts to call claimSingleReward(indexWinningPrize)
with the index of a winning prize
The `fallback()` function of the malicious smart contract call claimSingleReward(indexWinningPrize)
until there is no more fun
Withdraw all funds from the protocol
Follow CEI pattern:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.