Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

nonReentrant() Modifier Implementation Is Incorrect Allowing Reentrancy Attacks

0xalipede

Summary

In the InheritanceManager.sol::nonReentrant() modifier the transient storage is accessed improperly, leading to potential reentrancy attacks. The transient storage operates independently from memory and contract storage but is not correctly handled, exposing it to unintended interactions.

Vulnerability Details

Affected code:

The contract's reentrancy modifier utilizes the transient storage of Solidity which persists data scoped to the current transaction only. However, the current implementation incorrectly verifies reentrancy by reading from storage slot 1 while updating storage slot 0. This discrepancy causes storage slot 1 to always return false, allowing attackers to bypass the intended reentrancy protection.

Impact

Attackers can exploit this flaw to perform reentrant attacks, potentially draining funds or altering critical state variables.

Tools Used

  • Manual review

Recommendations

Correct the storage slot being read in the reentrancy modifier to match the slot being updated.

modifier nonReentrant() {
assembly {
//if tload(1) { revert(0, 0) }
// read from storage slot 0
if tload(0) { revert(0, 0) }
tstore(0, 1)
}
_;
assembly {
tstore(0, 0)
}
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value in nonReentrant modifier

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value in nonReentrant modifier

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.