Submission Details
Severity:
Reentrancy Risk in claimProfit of MembershipERC1155
Issue:
The claimProfit function in MembershipERC1155 involves an external call to transfer ERC20 tokens after updating state, exposing it to potential reentrancy.
Location:
File:
MembershipERC1155.solFunction:
claimProfit
function claimProfit() external returns (uint256 profit) {
profit = saveProfit(msg.sender);
require(profit > 0, "No profit available");
savedProfit[msg.sender] = 0;
IERC20(currency).safeTransfer(msg.sender, profit);
emit Claim(msg.sender, profit);
}
Exploit :
An attacker could use a custom ERC20 token that re-enters claimProfit, allowing multiple claims for a single savedProfit value.
Impact:
This could lead to unauthorized profit claims and depletion of the profit pool.
Tools Used
Manual review.
Recommendation:
Add a reentrancy guard to claimProfit to prevent reentrant calls:
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
function claimProfit() external nonReentrant returns (uint256 profit) {
profit = saveProfit(msg.sender);
require(profit > 0, "No profit available");
savedProfit[msg.sender] = 0;
IERC20(currency).safeTransfer(msg.sender, profit);
emit Claim(msg.sender, profit);
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.