TwentyOne

First Flight #29
Beginner Friendly, GameFi, Foundry, Solidity
Submission Details
Severity: high
Invalid

Reentrancy in TwentyOne::endGame

Summary

A high-severity vulnerability was identified in the TwentyOne.sol contract: the endGame() function is vulnerable to reentrancy attacks. This allows malicious actors to transfer all ETH in a single win.

Vulnerability Details

The vulnerability exists in the following code section:

    function endGame(address player, bool playerWon) internal {
        delete playersDeck[player].playersCards; // Clear the player's cards
        delete dealersDeck[player].dealersCards; // Clear the dealer's cards
        delete availableCards[player]; // Reset the deck
        if (playerWon) {
    @>      payable(player).transfer(2 ether); // Transfer the prize to the player
            emit FeeWithdrawn(player, 2 ether); // Emit the prize withdrawal event
        }
    }

The reentrancy vulnerability arises because of the following sequence:

  1. The contract executes payable(player).transfer(2 ether) to send Ether to the player.

  2. The transfer method invokes the player's fallback or receive function, allowing the player to execute arbitrary code before endGame completes its execution.

Impact

  1. A malicious player could play the game repeatedly until he wins, then use reentrancy to trigger the endGame function repeatedly and receive multiple payouts of 2 ether, draining the contract's funds.

Recommendations

Use OpenZeppelin's ReentrancyGuard.
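
One way to apply this recommendation, shown as an added example that is neither the contest's code nor the submitter's. The contract name TwentyOneGuarded, the struct names, the event signature, the settle() entry point and the _playerWon() hook are assumptions; only the endGame() body comes from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin Contracts v5 path; in v4.x the file is security/ReentrancyGuard.sol.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Reduced stand-in for TwentyOne that keeps only the state endGame() touches.
// Struct names and the event signature are assumed, not taken from the project.
abstract contract TwentyOneGuarded is ReentrancyGuard {
    struct PlayersCards { uint256[] playersCards; }
    struct DealersCards { uint256[] dealersCards; }

    mapping(address => PlayersCards) internal playersDeck;
    mapping(address => DealersCards) internal dealersDeck;
    mapping(address => uint256[]) internal availableCards;

    event FeeWithdrawn(address indexed player, uint256 amount);

    // Hypothetical hook: the real game decides the outcome from the dealt hands.
    function _playerWon(address player) internal view virtual returns (bool);

    // Hypothetical external entry point that settles a round. nonReentrant goes
    // on the external function, not on the internal helper: while settle() is
    // executing, any nested call into a nonReentrant function of this contract reverts.
    function settle() external nonReentrant {
        endGame(msg.sender, _playerWon(msg.sender));
    }

    function endGame(address player, bool playerWon) internal {
        // Effects first: per-player state is cleared before any ETH leaves.
        delete playersDeck[player].playersCards;
        delete dealersDeck[player].dealersCards;
        delete availableCards[player];
        if (playerWon) {
            // Interaction last. transfer() forwards only the 2300 gas stipend to the recipient.
            payable(player).transfer(2 ether);
            emit FeeWithdrawn(player, 2 ether);
        }
    }
}
```

Every external function that can reach endGame() needs the modifier; an unguarded path into the same payout leaves the guard ineffective for that path.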

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
