Submission Details
Severity:
`emergencyWithdraw` function missing `nonReentrant`
Summary
In the emergencyWithdraw function have token transfer, however the function has no Reentrant protection mechanism.
Vulnerability Details
In the emergencyWithdraw function have token transfer.
@> function emergencyWithdraw(address token) external override whenPaused {
if (!hasRole(EMERGENCY_ROLE, msg.sender)) revert UnauthorizedCaller();
if (token == address(0)) revert InvalidAddress();
uint256 balance;
if (token == address(raacToken)) {
balance = raacToken.balanceOf(address(this));
raacToken.safeTransfer(treasury, balance);
} else {
balance = IERC20(token).balanceOf(address(this));
SafeERC20.safeTransfer(IERC20(token), treasury, balance);
}
emit EmergencyWithdrawal(token, balance);
}
This function have tranfer token to treasury raacToken.safeTransfer(treasury, balance); and SafeERC20.safeTransfer(IERC20(token), treasury, balance);
However, this function has no Reentrant protection mechanism.
Impact
Possible Reentry Attack
Tools Used
Manual
Recommendations
Add nonReentrantfor this fuction
function emergencyWithdraw(address token) external override nonReentrant whenPaused {
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.