Submission Details
Severity:
modifier nonReentrant() doesn't prevent Reentrancy
Summary
modifier nonReentrant() doesn't prevent Reentrancy
Vulnerability Details
On line 77 of ChristmasDinner.sol there is the followin modifier:
modifier nonReentrant() {
require(!locked, "No re-entrancy");
_;
locked = false;
}
The issue is that the variable "locked" is always "false" in the code, it never changes value.
Impact
A Reentrancy attack could be used when the contract relies on a modifier that doesn't work.
Tools Used
Manual analysis.
Recommendations
Change the variable to "true" after the require check.
modifier nonReentrant() {
require(!locked, "No re-entrancy");
locked = true;
_;
locked = false;
}
Updates
Lead Judging Commences
0xtimefliez 7 months ago
Submission Judgement Published Assigned finding tags:
mutex lock incomplete
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.