Submission Details
Severity:
claimSingleReward() does not follow CEI, thus suffer of reentrancy issue
Summary
The function `claimSingleReward()` suffers from reentrancy, meaning a malicious smart contract can reenter the functions and withdraw all funds.
Vulnerability Details
A user deploys a malicious smart contract that will buy a box and open it until it gets one with a prize
User call malicious smart contracts to call
claimSingleReward(indexWinningPrize)with the index of a winning prizeThe `fallback()` function of the malicious smart contract call
claimSingleReward(indexWinningPrize)until there is no more fun
Impact
Withdraw all funds from the protocol
Recommendations
Follow CEI pattern:
function claimSingleReward(uint256 _index) public {
require(_index <= rewardsOwned[msg.sender].length, "Invalid index");
uint256 value = rewardsOwned[msg.sender][_index].value;
require(value > 0, "No reward to claim");
+. delete rewardsOwned[msg.sender][_index];
//@audit possible to reenter here as well
(bool success,) = payable(msg.sender).call{value: value}("");
require(success, "Transfer failed");
- delete rewardsOwned[msg.sender][_index];
}
Updates
Appeal created
inallhonesty 9 months ago
Submission Judgement Published Assigned finding tags:
`claimSingleReward` reentrancy
Rewards breakdown
nSLOC
86This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.