Beginner Friendly, Solidity
Submission Details
Severity: high
Invalid

Reentrancy Attacks

Summary

The contract allows external calls via call{} without sufficiently ensuring that the contract’s state is updated before external interaction. Despite reentrancy guards, external contracts could exploit this and cause a reentrancy vulnerability.

Vulnerability Details

Issue: External calls are made before updating the contract state, leaving the contract vulnerable to reentrancy attacks.

Impact

Attackers could exploit the reentrancy vulnerability to modify the contract state after a withdrawal, leading to fund loss or unauthorized access. This compromises the security of the funds stored in the contract.

Tools Used

Reentrancy Guards: Analyzed use of reentrancy guards to mitigate risks.

Recommendations

Always update the contract state before making any external calls to ensure that the contract’s state cannot be modified during an external interaction.

Use the transfer() method for fund transfers, which is safer and limits gas usage.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
