Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in buyOrder Function

Summary: The buyOrder function in the TokenDivider contract is vulnerable to reentrancy attacks. This occurs because Ether is transferred to the seller before the state is updated (removing the order). An attacker could exploit this by using a malicious contract that calls buyOrder recursively, potentially draining funds.

Vulnerability Details:

    function buyOrder(uint256 orderIndex, address seller) external payable {
        // ... (code omitted for brevity)

        // Vulnerable area: sends Ether before updating state
        (bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
        if (!success) {
            revert TokenDivider__TransferFailed();
        }

        // State update happens after the Ether transfer
        s_userToSellOrders[seller][orderIndex] = s_userToSellOrders[seller][s_userToSellOrders[seller].length - 1];
        s_userToSellOrders[seller].pop();
    }

Impact: Potential for attackers to drain funds by exploiting the reentrancy vulnerability.

Tools Used: Manual code review

Recommendations: Implement the checks-effects-interactions pattern by updating the state before transferring Ether.
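The following contract is an added illustration of the recommended ordering and is not the Pieces Protocol code. It reuses the identifiers quoted in the finding (buyOrder, s_userToSellOrders, TokenDivider__TransferFailed); the SellOrder struct, the fee calculation, the buyer balance ledger, the listOrder helper and the nonReentrant modifier are assumptions made to keep the example self-contained. Every storage write (swap-and-pop removal of the order, crediting the buyer) happens before the external calls, and a reentrancy lock catches any remaining re-entry.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract written for this note; it is not the TokenDivider
// contract under audit. Struct layout, fee logic and balance ledger are assumed.
contract OrderBookCEI {
    struct SellOrder {
        address seller;
        uint256 price;   // wei the buyer must send
        uint256 amount;  // token units sold (bookkeeping only in this example)
    }

    error TokenDivider__TransferFailed();
    error TokenDivider__InvalidOrder();
    error TokenDivider__ReentrantCall();

    mapping(address => SellOrder[]) public s_userToSellOrders;
    mapping(address => uint256) public s_balances;   // assumed buyer ledger
    uint256 public constant FEE_BPS = 100;           // assumed 1% protocol fee
    address public immutable feeRecipient;
    uint256 private locked = 1;                      // 1 = unlocked, 2 = locked

    // Minimal reentrancy guard: a second entry while locked reverts.
    modifier nonReentrant() {
        if (locked == 2) revert TokenDivider__ReentrantCall();
        locked = 2;
        _;
        locked = 1;
    }

    constructor(address _feeRecipient) {
        feeRecipient = _feeRecipient;
    }

    // Assumed helper so the example can be exercised end to end.
    function listOrder(uint256 price, uint256 amount) external {
        s_userToSellOrders[msg.sender].push(SellOrder(msg.sender, price, amount));
    }

    // Checks-effects-interactions: all storage writes precede the external
    // calls, so a seller that re-enters finds the order already removed
    // (and the lock rejects the re-entry anyway).
    function buyOrder(uint256 orderIndex, address seller) external payable nonReentrant {
        SellOrder[] storage orders = s_userToSellOrders[seller];

        // --- checks ---
        if (orderIndex >= orders.length) revert TokenDivider__InvalidOrder();
        SellOrder memory order = orders[orderIndex];
        if (msg.value != order.price) revert TokenDivider__InvalidOrder();

        // --- effects: remove the order (swap-and-pop) BEFORE sending any Ether ---
        uint256 last = orders.length - 1;
        if (orderIndex != last) {
            orders[orderIndex] = orders[last];
        }
        orders.pop();
        s_balances[msg.sender] += order.amount;

        // --- interactions: external calls come last ---
        uint256 sellerFee = (order.price * FEE_BPS) / 10_000;
        (bool ok, ) = payable(order.seller).call{value: order.price - sellerFee}("");
        if (!ok) revert TokenDivider__TransferFailed();
        (ok, ) = payable(feeRecipient).call{value: sellerFee}("");
        if (!ok) revert TokenDivider__TransferFailed();
    }

    function orderCount(address seller) external view returns (uint256) {
        return s_userToSellOrders[seller].length;
    }
}
```

The order removal and the balance credit are the only state that a re-entrant call could observe, so moving them ahead of the call is what closes the window described in the summary; the nonReentrant modifier is defence in depth for any future code path that forgets the ordering.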

Updates

Lead Judging Commences

fishy (Lead Judge), 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:
Malicious ERC721 Tokens

Appeal created

riceee (Auditor), 5 months ago

fishy (Lead Judge), 5 months ago
Submission Judgement Published
Invalidated
Reason: Other
