[H-1] `ChristmasDinner::modifier nonReentrant` The provided `nonReentrant` modifier is incorrect and does not properly prevent re-entrancy attacks.
**Description:** In the `nonReentrant` modifier, the `locked` state is only checked at the start. It is never set to `true`, and it is reset to `false` after the function logic (`_`).
Because `locked` stays `false` while the function body runs, the `require` check passes on every nested call, meaning the contract remains vulnerable during execution.
```diff
modifier nonReentrant() {
require(!locked, "No re-entrancy");
_;
locked = false;
}
```
**Impact:** This implementation defeats the purpose of a re-entrancy guard. If an attacker can re-enter the function before `locked` is set back to `false`, they could exploit the contract, draining funds or causing unintended behavior.
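The gap can be reproduced in isolation as a self-check. The contract below is an added example, not code from `ChristmasDinner` or from this report; `GuardCheck`, `viaBroken`, `viaFixed`, `nestedEntries` and `check` are hypothetical names, and the self-call through `this` stands in for a callback from an external recipient.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all names here are hypothetical, not part of ChristmasDinner.
contract GuardCheck {
    bool private locked;
    // Counts entries that succeeded while an outer call was still running.
    uint256 public nestedEntries;

    // The modifier as reported: the flag is checked but never set.
    modifier brokenGuard() {
        require(!locked, "No re-entrancy");
        _;
        locked = false;
    }

    // The same modifier with the lock taken before the function body.
    modifier fixedGuard() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }

    // External self-call: a nested entry into the same guarded function.
    function viaBroken(uint256 depth) external brokenGuard {
        if (depth == 0) return;
        try this.viaBroken(depth - 1) { nestedEntries++; } catch {}
    }

    function viaFixed(uint256 depth) external fixedGuard {
        if (depth == 0) return;
        try this.viaFixed(depth - 1) { nestedEntries++; } catch {}
    }

    // Runs both variants and reports how many nested entries each allowed.
    function check() external returns (uint256 withBroken, uint256 withFixed) {
        nestedEntries = 0;
        this.viaBroken(3);
        withBroken = nestedEntries; // every nested call passed the require
        nestedEntries = 0;
        this.viaFixed(3);
        withFixed = nestedEntries;  // the first nested call reverted and was caught
    }
}
```

A regression test for the real contract can assert the same property: a nested call into a guarded function must revert with `"No re-entrancy"`.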
**Proof of Concept:**
**Recommended Mitigation:**
1. Consider using OpenZeppelin's `ReentrancyGuard` implementation.
2. The `locked` state should be set to `true` immediately before the function logic (`_`) and reset to `false` only after the logic is executed. A proper implementation should look like this:
```diff
modifier nonReentrant() {
require(!locked, "No re-entrancy");
+ locked = true; // Set lock before the function execution
_;
locked = false; // Reset lock after the function execution
}
```
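Review bot: the hunk shows neither the declaration of `locked` nor the functions that apply `nonReentrant`, and the fix only protects functions that actually carry the modifier and share one `locked` storage flag. Alongside `+ locked = true;`, confirm that every function making an external call is marked `nonReentrant` and that `locked` is a single contract-level `bool`. The comment added on the `locked = false;` line is also a change to that line but is not marked with `+`.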