Ineffective `nonReentrant` Modifier Leading to Reentrancy Vulnerability
Summary:
The nonReentrant modifier in the Christmas Dinner contract does not effectively lock the function against reentrancy attacks. It fails to set the locked state to true before function execution, rendering it ineffective. This exposes the contract to potential reentrancy vulnerabilities, especially in the refund() function.
Vulnerability Details:
Root Cause:
The nonReentrant modifier is incorrectly implemented:
The locked variable is only reset to false after the function call but is not set to true initially, allowing attackers to re-enter the function before the lock is applied.
Affected Functions:
refund()Any future functions that rely on this modifier for reentrancy protection.
Impact:
An attacker could exploit the refund() function to call it multiple times in a single transaction, draining the contract’s balance and causing a loss of funds for legitimate participants.
Tools Used:
Manual review of the contract code.
Static analysis using tools such as Slither to identify reentrancy patterns.
Dynamic testing via Echidna to simulate potential exploits.
Recommendations:
Fix:
Update the nonReentrant modifier to lock the function correctly:
Implementation:
Replace the existing nonReentrant modifier in the contract with the fixed version above.
Additional Safeguard:
Consider using OpenZeppelin’s ReentrancyGuard for a standardized and well-tested implementation:
Lead Judging Commences
mutex lock incomplete
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.