Christmas Dinner
First Flight #31
Beginner FriendlyFoundrySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Reentrency vulnerability because of misconfigured nonrentrant modifier

freesultan

Summary

The nonReentrant modifier in the refund function is misconfigured, which could leave the contract vulnerable to reentrancy attacks under certain circumstances.

Vulnerability Details

Location: nonReentrant modifier

  • Code Issue: The locked variable is reset (locked = false;) after the execution of the main function logic (_), instead of at the end of the modifier’s execution flow. This allows external interactions within the function body to potentially re-enter the contract, bypassing the lock.

  • Function Affected: refund, where _refundETH and _refundERC20 involve external calls that could be exploited.

Impact

A malicious external contract could trigger reentrancy by exploiting the external calls in _refundETH (via Ether transfers) or _refundERC20 (via malicious ERC20 tokens). This could allow an attacker to repeatedly call the refund function, draining user balances or contract funds.

Tools Used

Manual review

Recommendations

Fix the nonreentrant modifier

modifier nonReentrant() {
require(!locked, "No re-entrancy");
locked = true;
_;
locked = false;
}

follow checks-effects-interactsions

use call instead of transfer in refundeth

(bool success, ) = _to.call{value: refundValue}("");
require(success, "ETH refund failed");
Updates

Lead Judging Commences

0xtimefliez Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

mutex lock incomplete

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.