The withdraw function allows authorized users to withdraw a specific amount, but it has a reentrancy issue.
Because the state is not updated before the external call is made, the function is vulnerable to a reentrancy attack.
If the withdraw function of splitters[msg.sender] makes a callback to this contract (e.g., calling withdraw again before the state is updated), a reentrancy attack could drain the funds of the contract before it has the chance to properly update its state.
Since the internal state (such as balances) is not updated prior to the external call, a reentrancy attack can drain funds by repeatedly calling withdraw before the original function execution completes.
Manual review
A nonReentrant modifier should be added:
function withdraw(uint256 _amount) external nonReentrant {
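As an added illustration (not the audited contract's code), the recommended guard can be combined with updating state before the external call, as sketched below. The ISplitter interface, the allowance mapping, the owner and authorize plumbing and the contract name are assumptions; only withdraw, splitters[msg.sender] and nonReentrant come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: the finding only says splitters[msg.sender] has a withdraw function.
interface ISplitter {
    function withdraw(uint256 amount) external;
}

// Hypothetical contract for illustration; not the audited code.
contract GuardedWithdrawExample {
    address public immutable owner;
    mapping(address => ISplitter) public splitters; // name taken from the finding
    mapping(address => uint256) public allowance;   // assumed accounting state

    uint256 private _status = 1; // 1 = not entered, 2 = inside a guarded call

    constructor() {
        owner = msg.sender;
    }

    // Minimal inline guard so the example has no external dependencies.
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Assumed setup path: the owner authorizes a user and binds their splitter.
    function authorize(address user, ISplitter splitter, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        splitters[user] = splitter;
        allowance[user] = amount;
    }

    function withdraw(uint256 _amount) external nonReentrant {
        // Checks
        require(allowance[msg.sender] >= _amount, "exceeds allowance");
        // Effects: state is final before control leaves this contract, so a
        // callback from the splitter sees the reduced allowance.
        allowance[msg.sender] -= _amount;
        // Interaction: a re-entrant call to withdraw now reverts in the guard.
        splitters[msg.sender].withdraw(_amount);
    }
}
```

The guard only covers functions that carry the modifier; any other state-changing entry point reachable from the callback needs it too, or must follow the same ordering.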