Submission Details
Severity:
Incorrect Implementation of nonReentrant Modifier
Summary
The nonReentrant modifier in the analyzed smart contract is incorrectly implemented, allowing for a potential reentrancy attack. This vulnerability arises because the locked flag is reset (locked = false) after the main function logic has been executed. As a result, the protection mechanism fails, leaving the contract susceptible to recursive calls
Vulnerability Details
The flawed implementation of the nonReentrant modifier is as follows:
modifier nonReentrant() {
require(!locked, "No re-entrancy");
_;
locked = false;
}
Impact
The vulnerability could allow an attacker to call the same function multiple times within a single transaction, bypassing logic and potentially draining funds.
Tools Used
Manual
Recommendations
To fix the vulnerability, update the nonReentrant modifier to ensure the locked flag is set before executing the function logic and reset after execution is complete.
modifier nonReentrant() {
require(!locked, "No re-entrancy");
locked = true; // Set the flag before executing the function logic
_;
locked = false; // Reset the flag after execution
}
Updates
Lead Judging Commences
0xtimefliez about 1 year ago
Submission Judgement Published Assigned finding tags:
mutex lock incomplete
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.