**Description:** The `_refundETH` function is not protected by a reentrancy guard, and it performs an external call before updating state, so it does not follow the Checks-Effects-Interactions (CEI) pattern.
An attacker can exploit this to drain multiple tokens from the contract by reentering during the token transfer.
```solidity
function _refundETH(address payable _to) internal {
    uint256 refundValue = etherBalance[_to]; // Checks
    _to.transfer(refundValue);               // Interaction happens first ...
    etherBalance[_to] = 0;                   // ... and the effect only afterwards
}
```
**Impact:**
1. Complete draining of the contract's WETH, WBTC, and USDC tokens
2. Might affect all users' balances
**Proof of Concept:**
**Recommended Mitigation:**
1. Consider using OpenZeppelin's `ReentrancyGuard` implementation.
2. Check the reentrancy modifier.
3. Ensure it follows the CEI pattern.
```diff
modifier nonReentrant() {
require(!locked, "No re-entrancy");
+ locked = true; // Set lock before the function execution
_;
locked = false; // Reset lock after the function execution
}
function _refundETH(address payable _to) internal {
uint256 refundValue = etherBalance[_to];
- _to.transfer(refundValue);
+ etherBalance[_to] = 0;
+ _to.transfer(refundValue);
}
```
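Review bot: the `nonReentrant` modifier is fixed here but never applied, and `_refundETH` is `internal`, so the guard has to go on the external entry points that call it (the withdraw functions) rather than on `_refundETH` itself; the `locked` state variable declaration is also not shown in the hunk, so a reader applying this diff will need to add `bool private locked;`. The CEI reorder in the second hunk is correct: zeroing `etherBalance[_to]` before `_to.transfer(refundValue)` means a reentrant call reads a zero balance.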
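The hardened refund path as a complete contract, written here as an added example rather than the audited project's code. It combines both recommendations above: the CEI reorder inside `_refundETH` and OpenZeppelin's `ReentrancyGuard` applied on the external entry point. The contract name, the `deposit`/`withdrawETH` functions, the `Refunded` event and the non-zero refund check are assumptions for illustration; the import path assumes OpenZeppelin Contracts v5 (in v4 it is `@openzeppelin/contracts/security/ReentrancyGuard.sol`).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code.
// Assumes OpenZeppelin Contracts v5; v4 uses the "security/" path instead.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// @notice Hypothetical vault showing the hardened ETH refund path.
contract HardenedRefund is ReentrancyGuard {
    mapping(address => uint256) public etherBalance;

    event Refunded(address indexed to, uint256 amount);

    /// @notice Credit the caller's ETH balance (assumed entry point).
    function deposit() external payable {
        etherBalance[msg.sender] += msg.value;
    }

    /// @notice External entry point. The guard belongs here: `_refundETH` is
    ///         internal, so a modifier on it alone would not cover other callers.
    ///         OpenZeppelin's `nonReentrant` reverts on any nested call while
    ///         this function is still executing.
    function withdrawETH() external nonReentrant {
        _refundETH(payable(msg.sender));
    }

    /// @dev Checks-Effects-Interactions: read and validate, zero the balance,
    ///      then make the external call last. Even without the guard, a
    ///      reentrant call now reads `etherBalance[_to] == 0` and cannot
    ///      withdraw again.
    function _refundETH(address payable _to) internal {
        uint256 refundValue = etherBalance[_to];      // Checks
        require(refundValue > 0, "Nothing to refund"); // assumed extra check
        etherBalance[_to] = 0;                         // Effects, before the call
        _to.transfer(refundValue);                     // Interactions, last
        emit Refunded(_to, refundValue);
    }
}
```

The two defences are deliberately layered: CEI removes the window in which a reentrant call sees stale state, and the guard on the external function stops a callback from entering any other guarded function of the contract during the transfer, which is what protects the separately held WETH, WBTC and USDC balances mentioned in the impact.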