Reentrancy Risk in claim Function
This function is vulnerable because it performs an external call (extcall IERC20(self.token).transfer(user, claimable)) after updating the state (self.claimed_amount[user] += claimable). This violates the Checks-Effects-Interactions (CEI) pattern, which is a best practice for preventing reentrancy attacks.
The most immediate and severe impact is the potential draining of funds from the contract. An attacker could exploit the reentrancy vulnerability to repeatedly claim tokens before the state is updated, allowing them to withdraw more tokens than they are entitled to.
Manual analysis
To fix this reentrancy vulnerability, you need to follow the Checks-Effects-Interactions (CEI) pattern. This means:
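For reference, here is an added example (not the audited contract's code) of a claim function written in CEI order, with the state update recorded before the token transfer and a reentrancy guard on top; the allocation mapping, the constructor and the IERC20 import path are assumptions for this illustration.

```vyper
# pragma version ^0.4.0
from ethereum.ercs import IERC20

token: public(address)
# Assumed for this example: per-user total allocation set at deployment or by an admin.
allocation: public(HashMap[address, uint256])
claimed_amount: public(HashMap[address, uint256])

@deploy
def __init__(token: address):
    self.token = token

@external
@nonreentrant
def claim():
    user: address = msg.sender
    # Checks: compute what is still owed and refuse empty claims.
    claimable: uint256 = self.allocation[user] - self.claimed_amount[user]
    assert claimable > 0, "nothing to claim"
    # Effects: record the claim before any external call is made,
    # so a re-entering caller sees claimable == 0 on the next pass.
    self.claimed_amount[user] += claimable
    # Interactions: the external call comes last; the guard above
    # additionally blocks any re-entry during the transfer.
    success: bool = extcall IERC20(self.token).transfer(user, claimable, default_return_value=True)
    assert success, "transfer failed"
```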