Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Valid

"Improper non-reentrancy lock implementation allows potential reentrancy exploits"

Summary

The nonReentrant modifier in the contract is improperly implemented. The locked state variable is never set to true before executing the function body, which renders the reentrancy guard ineffective. This oversight can allow malicious reentrancy attacks, potentially compromising the contract's logic and security.

Vulnerability Details

The modifier nonReentrant is designed to prevent reentrant calls by setting a lock before execution and releasing it afterward. The locked variable is never assigned the value true before entering the critical code section, leaving the contract vulnerable to reentrancy attacks.

    modifier nonReentrant() {
        require(!locked, "No re-entrancy"); // Proper check
        // locked = true; // Missing assignment
        _;
        locked = false; // Lock is reset without being set
    }

Impact

If exploited, this vulnerability can result in theft of funds or resources from the contract. It poses a high-severity risk in scenarios where external calls are made, particularly in functions dealing with token transfers, ETH payments, or sensitive state changes. In this case, reentrancy is not possible because of the contract's logic, but it would become possible if the host managed to add other tokens.

Tools Used

Manual code review

Recommendations

Implementing the following fix ensures that reentrancy attacks are effectively mitigated.

Correctly set the locked variable to true before function execution:

    modifier nonReentrant() {
        require(!locked, "No re-entrancy");
        locked = true; // Set the lock
        _;
        locked = false; // Release the lock
    }
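
A Foundry regression test for the guard described above, added here as an example and not taken from the Christmas Dinner contract or the submission: a guarded function calls back into its caller, and the test checks that the nested call goes through with the broken modifier and reverts with the fixed one. The contracts `Guarded`, `BrokenGuard`, `FixedGuard`, `Probe` and `GuardTest`, the functions `ping`, `start` and `onPing`, and the pragma version are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // added example: all names hypothetical, version assumed
import {Test} from "forge-std/Test.sol";
abstract contract Guarded {
    bool internal locked;
    uint256 public depth;    // current nesting level inside ping()
    uint256 public maxDepth; // deepest nesting observed
    function ping() external virtual;
    function _body() internal {
        if (++depth > maxDepth) maxDepth = depth;
        Probe(msg.sender).onPing(); // external call back to the caller
        depth--;
    }
}
contract BrokenGuard is Guarded {
    modifier nonReentrant() {
        require(!locked, "No re-entrancy");
        _; // lock is never set, as in the finding
        locked = false;
    }
    function ping() external override nonReentrant { _body(); }
}
contract FixedGuard is Guarded {
    modifier nonReentrant() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }
    function ping() external override nonReentrant { _body(); }
}
contract Probe { // calls ping() again, once, from inside the callback
    Guarded target;
    bool reentered;
    function start(Guarded t) external { target = t; t.ping(); }
    function onPing() external { if (!reentered) { reentered = true; target.ping(); } }
}
contract GuardTest is Test {
    Probe probe = new Probe();
    function test_brokenGuardAllowsNestedCall() public {
        BrokenGuard g = new BrokenGuard();
        probe.start(g);
        assertEq(g.maxDepth(), 2); // nested call ran inside the outer one
    }
    function test_fixedGuardBlocksNestedCall() public {
        FixedGuard g = new FixedGuard();
        vm.expectRevert(bytes("No re-entrancy"));
        probe.start(g);
    }
}
```

Run it with `forge test` in a project that has forge-std installed; keeping the second test in the suite catches any later change that drops the `locked = true` assignment.
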
Updates

Lead Judging Commences

0xtimefliez Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

mutex lock incomplete
