Starknet Auction
First Flight #26
Beginner FriendlyNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in `withdraw` Function

mayank

Description:

  • Location in Code: The withdraw function.

  • The contract updates the bidder's balance (bid_values) after making an external call to the ERC20 token contract.

  • This sequence allows for a reentrancy attack, where a malicious contract could repeatedly call withdraw before their balance is updated.

Impact:

  • Unauthorized withdrawals leading to loss of funds from the contract.

  • Compromises the security and integrity of the auction process.

Proof of Code:

fn withdraw(ref self: ContractState) {
// ...
if amount > 0 {
let sender = get_contract_address();
// External call made before state update
erc20_dispatcher.transfer_from(sender, caller, amount.into());
// State updated after external call
self.bid_values.entry(caller).write(0);
}
// ...
}

Recommendation:

  • Update state before external calls to prevent reentrancy attacks.

  • Modify the withdraw function to update the bidder's balance before transferring tokens.

Corrected Code:

fn withdraw(ref self: ContractState) {
// ...
if amount > 0 {
// State updated before external call
self.bid_values.entry(caller).write(0);
erc20_dispatcher.transfer(caller, amount.into());
}
// ...
}

  • Implement reentrancy guards if necessary.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.