Submission Details
Severity:
Incorrect implementation of nonReentrant modifier allows reentrancy
Summary
The nonReentrant modifier in InheritanceManager contract does not work as it is expected, allowing to reenter to the functions that intended to be non-reentrant.
Vulnerability Details
The nonReentrant modifier checks slot 1 in transient storage, but sets slot 0 after that:
modifier nonReentrant() {
assembly {
if tload(1) { revert(0, 0) }
tstore(0, 1)
}
_;
assembly {
tstore(0, 0)
}
}
That means that slot 1 will always be set to 0 and condition if tload(1) { revert(0, 0) } will never be true.
Impact
The functions intended to be non-reentrant are actually reentrant and allows to attack the InheritanceManager contract.
Tools Used
Manual review
Recommendations
Check slot 0 instead of slot 1:
-if tload(1) { revert(0, 0) }
+if tload(0) { revert(0, 0) }
Updates
Lead Judging Commences
0xtimefliez 9 months ago
Submission Judgement Published Assigned finding tags:
Wrong value in nonReentrant modifier
0xtimefliez 9 months ago
Submission Judgement Published Assigned finding tags:
Wrong value in nonReentrant modifier
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.