Starknet Auction

First Flight #26
Beginner Friendly, NFT
Submission Details
Severity: high
Valid

Reentrancy available in withdraw

Summary

A malicious actor could exploit the contract by calling the withdraw function repeatedly before the state is updated, resulting in improper fund withdrawals.

Vulnerability Details

The contract allows users to withdraw funds in the withdraw function but updates the contract state after the external call (i.e., after transferring funds). This sequence allows an attacker to re-enter the contract and withdraw multiple times by exploiting the gap between the external call and the internal state update.

A malicious actor could place a bid and win the auction.

They then call withdraw to reclaim their funds.

Before the internal state is updated, they call the withdraw function again, resulting in multiple withdrawals of the same funds.

Impact

If exploited, this could allow a user to drain the contract's funds or cause users to withdraw more than their rightful amount, leading to significant financial losses for the contract and participants.

Tools Used

Manual Review

Recommendations

Implement a reentrancy guard using OpenZeppelin’s ReentrancyGuard to block re-entrant calls.

Place the state update before the external calls to ensure the contract state is modified before funds are transferred.

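```cairo
use openzeppelin::security::ReentrancyGuardComponent;
component!(path: ReentrancyGuardComponent, storage: reentrancy_guard, event: ReentrancyGuardEvent);
impl ReentrancyGuardInternalImpl = ReentrancyGuardComponent::InternalImpl<ContractState>;
...
struct Storage {
    #[substorage(v0)] reentrancy_guard: ReentrancyGuardComponent::Storage,
...
fn withdraw(ref self: ContractState) {
    self.reentrancy_guard.start(); // reverts if withdraw is already executing
    ...
    self.reentrancy_guard.end(); // release the guard once the transfer is done
}
```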
Updates

Lead Judging Commences

bube Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Reentrancy in `withdraw` function

The `withdraw` function doesn't reset the `bid_values` to 0 after the withdrawal. That means the bidder can call the `withdraw` function multiple times and receive the whole balance of the protocol.
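
The ordering point from the recommendation and the judge's note, as an added Python model (not Cairo and not the contest's contract): the same `withdraw` is run with and without the reset of `bid_values` placed before the transfer. Only `bid_values` and `withdraw` come from the page; the `Revert` rollback, the `on_receive` hook and the sample bids are modelling assumptions.

```python
class Revert(Exception):
    """Models a reverted transaction: all state changes are undone."""

class Auction:
    """Toy escrow ledger; only bid_values and withdraw are names from the page."""
    def __init__(self, bids, hardened):
        self.bid_values = dict(bids)        # bidder -> escrowed amount
        self.balance = sum(bids.values())   # tokens held by the contract
        self.hardened = hardened

    def withdraw(self, caller, on_receive=None):
        amount = self.bid_values.get(caller, 0)
        if amount == 0:
            raise Revert("nothing to withdraw")
        if self.hardened:
            self.bid_values[caller] = 0     # effect before the external call
        if amount > self.balance:
            raise Revert("insufficient contract balance")
        self.balance -= amount              # token transfer out
        if on_receive:
            on_receive()                    # assumed hook: control leaves the contract
        return amount                       # unhardened path never resets bid_values

def run_tx(auction, fn):
    """Run fn as one transaction; on Revert restore state and pay nothing."""
    snapshot = (dict(auction.bid_values), auction.balance)
    try:
        return fn()
    except Revert:
        auction.bid_values, auction.balance = snapshot
        return 0

def repeated_withdraws(auction, caller, attempts):
    """Total paid to caller over `attempts` separate withdraw transactions."""
    return sum(run_tx(auction, lambda: auction.withdraw(caller)) for _ in range(attempts))

def nested_withdraw(auction, caller, depth):
    """Tokens paid out by one transaction whose receive hook re-enters withdraw."""
    def call(level):
        hook = (lambda: call(level + 1)) if level < depth else None
        auction.withdraw(caller, hook)
    before = auction.balance
    run_tx(auction, lambda: call(0))
    return before - auction.balance

BIDS = {"alice": 100, "bob": 50, "carol": 50}   # constructed sample data
```

With the reset in place, a second call finds a zero entry and reverts, so both the repeated and the nested case pay out at most the caller's own bid.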
