Submission Details
Severity:
The protocol is susceptible to reentrancy attack.
Summary
the contract can be reentered due to use of low level call.
Vulnerability Details
The following functions transfer funds using the low level call; withdrawFunds(), claimAllRewards(), and claimSingleReward(). the issue here is that if the called address is a contract, it can callback into the contract to drain the contract funds. this is plausible before the state is being updated after the transfer of funds were made.
function claimSingleReward(uint256 _index) public {
require(_index <= rewardsOwned[msg.sender].length, "Invalid index");
uint256 value = rewardsOwned[msg.sender][_index].value;
require(value > 0, "No reward to claim");
(bool success,) = payable(msg.sender).call{value: value}("");
require(success, "Transfer failed");
delete rewardsOwned[msg.sender][_index];
}
Impact
draining of funds from the protocl
Tools Used
Manual Review
Recommendations
Use reentrancy guard and update state changes before token transfer or use safeTransfer function from openzeppellin
Updates
Appeal created
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
`claimAllRewards` reentrancy
`claimSingleReward` reentrancy
Rewards breakdown
nSLOC
86This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.