Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing Reentrancy Guard in FeeCollector.sol Can Lead to Double-Spend

petesol

Summary

The FeeCollector.sol contract lacks a reentrancy guard on distributeCollectedFees(), which allows reentrant callsto manipulate fee distribution.

Vulnerability Details

The function distributeCollectedFees() transfers fees before deleting stored values:

delete collectedFees;
If an attacker reenters via a callback function before delete collectedFees executes, they can double-claim fees.
This allows multiple fee withdrawals in a single transaction.

PoC

Missing nonReentrant modifier in distributeCollectedFees() in FeeCollector.sol.

Exploit Scenario

The attacker reenters the fee distribution function before delete collectedFees executes.
This allows multiple withdrawals in a single transaction.
Funds are drained due to multiple withdrawals.

PoC Exploit

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

import "../contracts/collectors/FeeCollector.sol";

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract ReentrancyExploit {

FeeCollector public target;

IERC20 public token;

bool public attackInProgress;

constructor(address _target, address _token) {

target = FeeCollector(_target);

token = IERC20(_token);

}

function attack() external {

attackInProgress = true;

target.distributeCollectedFees();

}

function onReceiveFee() external {

if (attackInProgress) {

target.distributeCollectedFees(); // Re-enter the function

}

Expected Outcome

The attacker drains the FeeCollector’s balance.
The function distributes more fees than intended.
Legitimate users lose rewards due to reentrancy.

Impact

Fee theft: Attackers can withdraw more than their fair share of collected fees.
Incorrect accounting: Fee balances may not reflect reality, impacting governance decisions.

Tools Used

Slither for reentrancy detection
Foundry Tests simulating reentrant calls
Manual code Review

Recommendations

Add the nonReentrant modifier to distributeCollectedFees():

function distributeCollectedFees() external nonReentrant whenNotPaused { ... }
Ensure fee updates occur before external calls using the Checks-Effects-Interactions pattern.
Implement unit tests for reentrancy scenarios.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!