The nonReentrant() modifier in the InheritanceManager contract utilizes transient storage for reentrancy protection. However, it accesses an incorrect storage location during the reentrancy check, rendering the modifier ineffective. While the contract's current implementation mitigates the risk due to the consistent use of onlyOwner() alongside nonReentrant(), a potential reentrancy attack vector exists if this pattern changes or if the contract is extended.
The nonReentrant() modifier attempts to prevent reentrancy attacks by using transient storage to implement a lock. However, there is an error in the assembly code. The tload(1) instruction loads from transient storage slot 1, but the lock is stored in transient storage slot 0. Therefore, the reentrancy check never detects an active lock, and the modifier provides no actual protection.
The nonReentrant() modifier fails to provide its intended protection, exposing the contract to potential reentrancy attacks. While the current implementation mitigates the risk, any future modifications could introduce a serious security flaw.
Manual Review
Correct the nonReentrant() modifier by changing tload(1) to tload(0):
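The slot mismatch and its correction, side by side, as an added example reconstructed from the description above; it is not the InheritanceManager source. The contract name, modifier names, functions and the entries counter are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24; // tload/tstore in inline assembly need 0.8.24+ and the cancun EVM

// Added illustration; all names here are hypothetical.
contract TransientLockDemo {
    uint256 public entries;

    // As described in the finding: the lock is written to slot 0,
    // but the check reads slot 1.
    modifier nonReentrantBroken() {
        assembly {
            // Slot 1 is never written, so this is always 0 and never reverts.
            if tload(1) { revert(0, 0) }
            tstore(0, 1)
        }
        _;
        assembly {
            tstore(0, 0)
        }
    }

    // Corrected: the check reads the same slot that holds the lock.
    modifier nonReentrantFixed() {
        assembly {
            if tload(0) { revert(0, 0) }
            tstore(0, 1)
        }
        _;
        assembly {
            tstore(0, 0)
        }
    }

    // A callee that calls back into this function is not stopped by the lock.
    function guardedBroken(address target) external nonReentrantBroken {
        entries++;
        (bool ok,) = target.call("");
        require(ok, "call failed");
    }

    // A callee that calls back hits the revert, so the outer call fails too.
    function guardedFixed(address target) external nonReentrantFixed {
        entries++;
        (bool ok,) = target.call("");
        require(ok, "call failed");
    }
}
```

A regression test for the fix is to call guardedFixed with a contract that calls back into it and assert that the transaction reverts and entries is unchanged.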