location : src/SablierFlow.sol
The withdraw function allows users to withdraw tokens from a stream. It performs several state updates and then transfers tokens to the recipient. There is still a reentrancy risk: the external call to token.safeTransfer happens after the state updates, but those updates may be insufficient to stop a reentrant call from passing the function's checks.
code :
While the function updates internal state variables before making the external call, the contract may still be vulnerable if the token being transferred is an ERC777 token (whose tokensReceived hook hands control to the recipient during the transfer) or a malicious ERC20 token whose transfer or transferFrom calls back into the caller.
An attacker could exploit this by re-entering the withdraw function during the safeTransfer call and manipulating the contract's state to withdraw more funds than intended.
Use a reentrancy guard: add a reentrancy guard to the function to prevent reentrant calls, for example the nonReentrant modifier from OpenZeppelin's ReentrancyGuard contract, and keep every state update ahead of the token transfer (checks-effects-interactions).
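The following is an added illustration written for this report, not Sablier's code: a hypothetical stream contract in the vulnerable shape (token transfer before the balance update), the same function hardened with checks-effects-interactions plus OpenZeppelin's nonReentrant, a hypothetical token whose transfer calls a recipient hook the way an ERC777 token does, and an attacker that re-enters from that hook. All contract, function and variable names are assumptions; only the reentrancy pattern is the point.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not SablierFlow's code. Every contract and name below is
// hypothetical. OpenZeppelin 5.x import path; 4.x uses security/ReentrancyGuard.sol.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

interface IToken {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Recipient hook in the style of ERC777's tokensReceived (simplified for the example).
interface ITokensReceived {
    function tokensReceived(address from, uint256 amount) external;
}

/// Vulnerable shape: the balance is zeroed only AFTER the token call, so a
/// token that calls back into the recipient lets withdraw() run again with
/// the old, still non-zero balance.
contract StreamVulnerable {
    IToken public immutable token;
    mapping(address => uint256) public withdrawable;

    constructor(IToken token_) { token = token_; }

    function fund(address recipient, uint256 amount) external { withdrawable[recipient] += amount; }

    function withdraw() external {
        uint256 amount = withdrawable[msg.sender];
        require(amount > 0, "nothing to withdraw");
        require(token.transfer(msg.sender, amount), "transfer failed"); // interaction first: hook fires here
        withdrawable[msg.sender] = 0;                                    // effect too late
    }
}

/// Hardened shape: effects before interactions, and nonReentrant as a second line of defence.
contract StreamHardened is ReentrancyGuard {
    IToken public immutable token;
    mapping(address => uint256) public withdrawable;

    constructor(IToken token_) { token = token_; }

    function fund(address recipient, uint256 amount) external { withdrawable[recipient] += amount; }

    function withdraw() external nonReentrant {
        uint256 amount = withdrawable[msg.sender];
        require(amount > 0, "nothing to withdraw");
        withdrawable[msg.sender] = 0;                                    // effect first
        require(token.transfer(msg.sender, amount), "transfer failed"); // interaction last
    }
}

/// Hypothetical token whose transfer() hands control to a contract recipient
/// before returning, which is the re-entry vector the report describes.
contract HookedToken is IToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        if (to.code.length > 0) ITokensReceived(to).tokensReceived(msg.sender, amount); // callback
        return true;
    }
}

/// Attacker: re-enters withdraw() from the hook while the stream can still pay.
contract Attacker is ITokensReceived {
    StreamVulnerable public immutable stream;
    IToken public immutable token;

    constructor(StreamVulnerable stream_, IToken token_) { stream = stream_; token = token_; }

    function attack() external { stream.withdraw(); }

    function tokensReceived(address, uint256 amount) external override {
        // withdrawable[this] has not been zeroed yet, so the check in withdraw() passes again.
        if (token.balanceOf(address(stream)) >= amount) stream.withdraw();
    }
}
```

Against StreamVulnerable, one call to attack() drains the stream down to less than the attacker's entitlement, because each nested withdraw() sees the unchanged withdrawable balance. Against StreamHardened the nested call reverts: nonReentrant raises ReentrancyGuardReentrantCall, and even without the guard the balance is already zero so the "nothing to withdraw" check fails. The revert bubbles up through the hook and the outer transfer, so the whole withdrawal to a hostile token or recipient is rolled back rather than partially paid.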