Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Valid

claimSingleReward- Reentrancy

Summary:

Analysis:

Current order of operations in claimSingleReward:

Checks: validation of the index and of the reward value.
Interactions: transfer of Ether to the user.
Effects: removal of the reward from the user's rewards.

Vulnerability Details & Impact:

Similar to the vulnerability reported for "claimAllRewards", the interaction (the Ether transfer) is performed before the internal state is updated (the reward is only deleted after the external call), so a recipient contract can re-enter this function before its reward is removed, which may allow a reentrancy attack here as well.

Tools Used:

Slither, Wake and Foundry

Recommendations:

Reverse the order to comply with the Checks-Effects-Interactions (CEI) pattern:

function claimSingleReward(uint256 _index) public {
    require(_index < rewardsOwned[msg.sender].length, "Invalid index"); // Minor correction to the comparison
    uint256 value = rewardsOwned[msg.sender][_index].value;
    require(value > 0, "No reward to claim");
    // Effects: update the state BEFORE the interaction
    delete rewardsOwned[msg.sender][_index];
    // Interactions: transfer the Ether AFTER the state update
    (bool success,) = payable(msg.sender).call{value: value}("");
    require(success, "Transfer failed");
}
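A Foundry regression test for the CEI-ordered version, added here as an example and not part of the original submission or the Mystery Box code base; it assumes forge-std and uses a minimal stand-in contract holding only the `rewardsOwned` storage that `claimSingleReward` touches.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal stand-in for the contract (assumption): only what claimSingleReward needs.
contract MysteryBoxFixed {
    struct Reward { string name; uint256 value; }
    mapping(address => Reward[]) public rewardsOwned;

    // Test helper (not in the real contract): give a user one reward.
    function seed(address user, uint256 value) external {
        rewardsOwned[user].push(Reward("Gold Coin", value));
    }

    // CEI-ordered claim: the reward is deleted before the Ether leaves.
    function claimSingleReward(uint256 _index) public {
        require(_index < rewardsOwned[msg.sender].length, "Invalid index");
        uint256 value = rewardsOwned[msg.sender][_index].value;
        require(value > 0, "No reward to claim");
        delete rewardsOwned[msg.sender][_index];           // effects
        (bool success,) = payable(msg.sender).call{value: value}(""); // interaction
        require(success, "Transfer failed");
    }
}

// Receiver that re-enters from receive(); it records whether the nested claim reverted.
contract ReenteringReceiver {
    MysteryBoxFixed immutable box;
    bool public reentryReverted;
    constructor(MysteryBoxFixed _box) { box = _box; }
    function claim() external { box.claimSingleReward(0); }
    receive() external payable {
        try box.claimSingleReward(0) {} catch { reentryReverted = true; }
    }
}

contract ClaimSingleRewardTest is Test {
    function testReentryCannotDoubleClaim() public {
        MysteryBoxFixed box = new MysteryBoxFixed();
        vm.deal(address(box), 2 ether);                  // fund the box
        ReenteringReceiver r = new ReenteringReceiver(box);
        box.seed(address(r), 1 ether);
        r.claim();
        assertEq(address(r).balance, 1 ether);           // paid exactly once
        assertTrue(r.reentryReverted());                 // nested claim hit "No reward to claim"
    }
}
```

With the original interaction-before-effects ordering the same test fails, because the nested call still sees a non-zero reward value and is paid a second time.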

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`claimSingleReward` reentrancy

dayeneris1 Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
