Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Reentrancy Risk in buyOrder

Summary

The buyOrder function performs external calls to transfer Ether before updating internal balances, which could lead to reentrancy attacks.

Vulnerability Details

Impact

1. Potential Exploitation by Attackers
2. Draining of Contract Funds
3. Loss of User Trust

Tools Used

Manual Review

Recommendations

Use the checks-effects-interactions pattern: update all internal state (the buyer's balance and the order list) before making any external call.

Code Snippet:
```solidity
// Before: Ether is sent to the seller while the buyer's balance and the order list are still unchanged
(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");

// After: apply every state change first, then perform the external call
balances[msg.sender][order.erc20Address] += order.amount; // credit the buyer
s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1]; // swap the filled order with the last one
s_userToSellOrders[seller].pop(); // and remove it
(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
```
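As an added illustration (not the Pieces Protocol's own code), here is a minimal `buyOrder` that applies the recommended ordering end to end; the `SellOrder` struct layout, the fee calculation, the `require` checks and the `nonReentrant` guard are assumptions made for this sketch:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative order book (assumed layout, not the Pieces Protocol source):
/// only the fields named in the finding are modelled.
contract OrderBookCEI {
    struct SellOrder {
        address seller;
        address erc20Address;
        uint256 amount;
        uint256 price;
    }

    uint256 public constant FEE_BPS = 100; // assumed 1% seller fee, for illustration only
    mapping(address => mapping(address => uint256)) public balances;
    mapping(address => SellOrder[]) public s_userToSellOrders;
    bool private locked;

    // Defence in depth: even with correct ordering, block nested entry outright.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Checks -> Effects -> Interactions: the order is removed and the buyer
    // credited before any Ether leaves the contract, so a seller whose
    // receive() calls back into the contract finds the order already gone.
    function buyOrder(address seller, uint256 orderIndex) external payable nonReentrant {
        SellOrder[] storage orders = s_userToSellOrders[seller];
        require(orderIndex < orders.length, "no such order");          // checks
        SellOrder memory order = orders[orderIndex];                   // memory copy survives the pop below
        require(msg.value == order.price, "wrong payment");
        uint256 sellerFee = (order.price * FEE_BPS) / 10_000;

        balances[msg.sender][order.erc20Address] += order.amount;      // effects
        orders[orderIndex] = orders[orders.length - 1];                // swap-remove the filled order
        orders.pop();

        (bool success, ) = payable(order.seller).call{value: order.price - sellerFee}(""); // interaction
        require(success, "payout failed");
    }
}
```

The memory copy of `order` is what makes the swap-remove safe: after `pop()` the storage slot is gone, but the seller address and price used for the payout are still available.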
Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Too generic

Appeal created

osuolale Submitter 5 months ago
fishy Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Reentrancy

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
