Pieces Protocol

First Flight #32
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in TokenDivider Contract

Summary:

TokenDivider contains a reentrancy vulnerability in the buyOrder function, which can be exploited to drain the contract's balance through a malicious fallback function.

Vulnerability Details:

Affected code: lines 292-296

```solidity
(bool success, ) = payable(order.seller).call{value: (order.price - sellerFee)}("");
if(!success) {
    revert TokenDivider__TransferFailed();
}
```

When Ether is transferred to the seller with the call method, external code runs in the seller's fallback or receive function. If the seller is a malicious contract, it can re-enter buyOrder repeatedly before the state is updated, allowing it to drain all the funds from the contract. The snippet above shows the call to order.seller that would let a malicious contract re-enter buyOrder from its fallback.

Impact:

An attacker is able to:

  1. Drain all funds in the TokenDivider contract

  2. Cause denial of service (DoS) by depleting the contract's liquidity

Tools Used:

Foundry

Recommendations:

Use the checks-effects-interactions pattern: update the buyOrder function so that all state changes occur before the external call. Additionally, incorporate OpenZeppelin's ReentrancyGuard (the nonReentrant modifier) to prevent nested calls.
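The following is an added example, written for this page and not taken from the Pieces Protocol code base, showing the recommended ordering in a simplified buyOrder-style function. The Order struct, the orders storage, the internal balance bookkeeping and the 0.5% fee are assumptions made for the illustration; the OpenZeppelin import path assumes OpenZeppelin Contracts v5 (v4 places ReentrancyGuard under security/).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 layout (v4 uses security/ReentrancyGuard.sol).
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// @notice Illustrative marketplace applying checks-effects-interactions to buyOrder.
///         Not the protocol's contract; storage layout and fee are constructed for the example.
contract CeiBuyOrderExample is ReentrancyGuard {
    struct Order {
        address seller;   // address(0) marks an empty/filled slot
        uint256 price;    // wei the buyer must send
        uint256 amount;   // token units transferred to the buyer
    }

    error TokenDivider__TransferFailed();
    error OrderNotFound();
    error InsufficientPayment();

    uint256 public constant FEE_BPS = 50; // constructed sample fee: 0.5% in basis points

    Order[] public orders;                          // hypothetical order book
    mapping(address => uint256) public balanceOf;   // hypothetical internal token ledger
    uint256 public collectedFees;

    /// @dev Sellers escrow tokens from their internal balance into an order.
    function sellOrder(uint256 amount, uint256 price) external returns (uint256 orderIndex) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;                 // effect before anything else
        orders.push(Order({seller: msg.sender, price: price, amount: amount}));
        return orders.length - 1;
    }

    /// @dev CHECKS, then EFFECTS, then INTERACTIONS. nonReentrant is defence in depth:
    ///      even without it, the order is deleted before the seller is paid, so a
    ///      re-entering fallback would hit OrderNotFound instead of a live order.
    function buyOrder(uint256 orderIndex) external payable nonReentrant {
        // --- CHECKS ---
        if (orderIndex >= orders.length) revert OrderNotFound();
        Order memory order = orders[orderIndex];          // work on a memory copy
        if (order.seller == address(0)) revert OrderNotFound();
        if (msg.value < order.price) revert InsufficientPayment();

        // --- EFFECTS --- (all storage writes happen before any external call)
        delete orders[orderIndex];                        // order can no longer be re-bought
        uint256 sellerFee = (order.price * FEE_BPS) / 10_000;
        collectedFees += sellerFee;
        balanceOf[msg.sender] += order.amount;            // buyer receives the tokens

        // --- INTERACTIONS --- (external call is last; same shape as the reported snippet)
        (bool success, ) = payable(order.seller).call{value: order.price - sellerFee}("");
        if (!success) revert TokenDivider__TransferFailed();
    }

    /// @dev Test/demo helper only: mint internal balance so sellOrder can be exercised.
    function mintForDemo(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }
}
```

In a Foundry test the ordering can be checked by giving a seller contract a fallback that calls buyOrder again: with the pattern above the nested call reverts with OrderNotFound (or with ReentrancyGuard's reentrant-call error), and the seller still receives exactly one payment.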

Updates

Lead Judging Commences

fishy Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Reentrancy

Appeal created

fishy Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
