Christmas Dinner

First Flight #31
Beginner Friendly, Foundry, Solidity
100 EXP
Submission Details
Severity: high
Valid

Reentrancy in the refund function

Summary

The refund function is vulnerable to reentrancy, which allows an attacker to drain the funds from the contract.

Vulnerability Details

The refund function uses the nonReentrant modifier, which is supposed to guard against reentrancy:

    modifier nonReentrant() {
        require(!locked, "No re-entrancy");
        _;
        locked = false;
    }

However, the contract is never locked: nothing sets locked to true, so the require check on the first line of the modifier always passes. This allows an attacker to call the refund function repeatedly until there are no funds left in the contract (provided they had sent some funds to the contract beforehand).

Impact

This vulnerability allows the attacker to drain the funds from the contract, which completely breaks the code logic.

Tools Used

Manual inspection.

Recommendations

The nonReentrant modifier should be changed to lock the contract before the function body runs:

    modifier nonReentrant() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }
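
A Foundry regression test for the two modifier bodies above, added here as an example; it is not code from the submission or the contest repository. GuardHarness, brokenGuard, fixedGuard and the enter* functions are hypothetical names, and the harness re-enters itself through this.f() rather than moving any funds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical harness (not the contest contract): the same two modifier
// bodies, guarding a function that re-enters itself via an external call.
contract GuardHarness {
    bool private locked;
    uint256 public entries; // number of times a guarded body started running

    modifier brokenGuard() {
        require(!locked, "No re-entrancy"); // locked is never true: always passes
        _;
        locked = false;
    }

    modifier fixedGuard() {
        require(!locked, "No re-entrancy");
        locked = true; // lock is taken before the body runs
        _;
        locked = false;
    }

    function enterBroken(uint256 nested) external brokenGuard {
        entries++;
        if (nested > 0) this.enterBroken(nested - 1);
    }

    function enterFixed(uint256 nested) external fixedGuard {
        entries++;
        if (nested > 0) this.enterFixed(nested - 1);
    }
}

contract GuardTest is Test {
    GuardHarness h = new GuardHarness();

    function test_brokenGuardAllowsNestedEntry() public {
        h.enterBroken(3);
        assertEq(h.entries(), 4); // the outer call and all three nested calls ran
    }

    function test_fixedGuardRejectsNestedEntry() public {
        vm.expectRevert(bytes("No re-entrancy"));
        h.enterFixed(1); // the nested call hits the lock and the revert bubbles up
        h.enterFixed(0); // the revert rolled the lock back, so a fresh call works
        assertEq(h.entries(), 1);
    }
}
```

Run it with forge test; the second test is the one to keep in the suite so that a future edit to the modifier that drops the locked = true line fails CI.
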
Updates

Lead Judging Commences

0xtimefliez Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

mutex lock incomplete
