Submission Details
Severity:
Incorrect nonReentrant Modifier Implementation
Vulnerability Details
The key issue is that locked = false is not set to true before the function execution (_). This means that when the actual function executes at _;, the lock is still false. This completely defeats the purpose of the reentrancy guard, as the lock state isn't maintained accurately during function execution.
modifier nonReentrant() {
require(!locked, "No re-entrancy");
_;
@> locked = false;
}
Impact
Could lead to reentrancy which leads to loss of ether in the contract when a user who registered using eth calls for refund within the deadline duration
Tools Used
foundry
Recommendations
modifier nonReentrant() {
require(!locked, "No re-entrancy");
//locked initially set to true
+ locked = true;
//executes the function while locked is still true, therefore reentrancy is blocked
_;
locked = false;
}
Updates
Lead Judging Commences
0xtimefliez about 1 year ago
Submission Judgement Published Assigned finding tags:
mutex lock incomplete
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.