Mystery Box
First Flight #25
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Reentrancy Vulnerability in claimSingleReward Function

silverwind

Summary

The claimSingleReward function is designed to allow users to claim rewards stored in a mapping, rewardsOwned, by specifying an index. However, the implementation contains a reentrancy vulnerability that can be exploited by malicious actors to withdraw funds multiple times without proper validation.

Vulnerability Details

Relevant code - claimSingleReward

The function transfers rewards to the msg.sender without updating the user’s balance in the contract. This design flaw allows a malicious actor to repeatedly invoke the function with the same index, draining the contract’s balance until it reaches zero.

Impact

Attackers can drain the contract’s balance, causing financial loss.

Tools Used

Manual Review

Recommendations

Before sending the reward, set the msg.sender's reward amount to zero.

require(_index <= rewardsOwned[msg.sender].length, "Invalid index");
uint256 value = rewardsOwned[msg.sender][_index].value;
require(value > 0, "No reward to claim");
+ rewardsOwned[msg.sender][_index].value = 0;
(bool success,) = payable(msg.sender).call{value: value}("");
Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`claimSingleReward` reentrancy

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.