The locked state variable is used in the nonReentrant modifier to prevent reentrancy attacks. However, this variable is not set to true anywhere in the contract. The modifier is only used on the refund() function, which is the only function that performs an external call to an arbitrary address. This can lead to a potential reentrancy attack by an attacker's smart contract.
Because locked is never set to true, it keeps its default value of false, so the require(!locked, "No re-entrancy") check always passes and never reverts. Consequently, the reentrancy guard is never activated, making it ineffective. This creates a vulnerability to reentrancy attacks.
Even though the function uses the transfer method, which forwards only 2300 gas (limiting the possibility of reentrant calls), and the whitelisted ERC20 tokens (USDC, WETH and WBTC) do not implement hooks or callbacks like ERC777 or ERC1363, there could still be a way to exploit the lack of a reentrancy guard. Because locked is never set to true, an external contract might be able to reenter the refund function while it is still executing.
Potential reentrancy vulnerability in the ChristmasDinner contract.
Manual review
Update the nonReentrant modifier to set locked to true before the function executes.
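The modifier as the finding describes it, next to a corrected form, as an added example that is not the ChristmasDinner source. Only locked, nonReentrant, refund() and the require message come from the report; the contract name, the etherBalance mapping, deposit() and the use of call instead of transfer are assumptions made so the guard's effect is visible.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract (hypothetical name and storage layout).
contract GuardExample {
    bool private locked; // defaults to false
    mapping(address => uint256) private etherBalance; // assumed bookkeeping

    // As described in the finding: the flag is read but never written,
    // so !locked is always true and this require never reverts.
    modifier nonReentrantBroken() {
        require(!locked, "No re-entrancy");
        _;
    }

    // Corrected form: take the lock before the body runs and release it
    // afterwards, so a nested call reverts but later calls still work.
    modifier nonReentrant() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        etherBalance[msg.sender] += msg.value;
    }

    function refund() external nonReentrant {
        uint256 amount = etherBalance[msg.sender];
        // Checks-effects-interactions: clear the balance before the
        // external call, as a second layer behind the lock.
        etherBalance[msg.sender] = 0;
        // Assumption: call forwards all gas, unlike the transfer used in
        // the audited contract, so here the lock is what stops reentry.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Refund failed");
    }
}
```

If the function body reverts, the write to locked is rolled back with the rest of the transaction, so the lock cannot remain stuck at true.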