Description:
Reentrancy vulnerabilities detected
Affected Functions:
TokenDivider.claimNft(address)
External call:
Updates state variable balances[msg.sender][tokenInfo.erc20Address] after the external call.
TokenDivider.divideNft(address, uint256, uint256)
External calls:
Updates multiple state variables such as balances, erc20ToMintedAmount, erc20ToNft, and nftToErc20Info after the calls.
Impact:
Malicious contracts can exploit these functions to manipulate state variables.
Funds or assets could be stolen.
Recommendation:
Use the checks-effects-interactions pattern:
Update state variables before making external calls.
Use OpenZeppelin's ReentrancyGuard to protect against reentrancy attacks:
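Added example, not taken from the TokenDivider source: a simplified claim function shown first with the call-before-update ordering described above, then reordered to checks-effects-interactions and guarded with nonReentrant. The contract name, storage layout, error name and function names are hypothetical; the import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin Contracts v5 paths (in v4, ReentrancyGuard lives under security/).
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";

// Hypothetical, simplified vault used only to show the ordering.
contract ClaimSketch is ReentrancyGuard {
    // holder => NFT contract => fraction balance (constructed layout)
    mapping(address => mapping(address => uint256)) public balances;
    mapping(address => uint256) public totalFractions; // per NFT contract
    mapping(address => uint256) public heldTokenId;    // per NFT contract

    error NothingToClaim();

    // Before: interaction first, effect second.
    // safeTransferFrom calls onERC721Received on a contract recipient,
    // and that callback runs while balances still holds the pre-claim value.
    function claimUnsafe(address nft) external {
        uint256 total = totalFractions[nft];
        if (total == 0 || balances[msg.sender][nft] != total) revert NothingToClaim();
        IERC721(nft).safeTransferFrom(address(this), msg.sender, heldTokenId[nft]);
        balances[msg.sender][nft] = 0; // state written after the external call
    }

    // After: checks, then effects, then the single interaction last.
    // nonReentrant is a second layer in case a later change reorders the body.
    function claim(address nft) external nonReentrant {
        // Checks
        uint256 total = totalFractions[nft];
        if (total == 0 || balances[msg.sender][nft] != total) revert NothingToClaim();

        // Effects: all bookkeeping is final before control leaves the contract
        uint256 tokenId = heldTokenId[nft];
        balances[msg.sender][nft] = 0;
        totalFractions[nft] = 0;
        delete heldTokenId[nft];

        // Interaction: a callback that re-enters now sees total == 0 and reverts
        IERC721(nft).safeTransferFrom(address(this), msg.sender, tokenId);
    }
}
```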