Submission Details
Severity:
Faulty Reentrancy Guard Implementation
Description: The reentrancy guard in InheritanceManager::nonReentrant incorrectly reads from transient storage slot 1 instead of slot 0. Since tload(1) always returns zero, the reentrancy check is effectively disabled.
Impact: Critical functions such as InheritanceManager::sendETH, InheritanceManager::contractInteractions, InheritanceManager::withdrawInheritedFunds are vulnerable to reentrancy attacks, potentially allowing an attacker to drain funds from the contract.
Recommended Mitigation: Modify the reentrancy guard to read from slot 0 instead:
modifier nonReentrant() {
assembly {
- if tload(1) { revert(0, 0) }
+ if tload(0) { revert(0, 0) }
tstore(0, 1)
}
_;
assembly {
tstore(0, 0)
}
}
Updates
Lead Judging Commences
0xtimefliez 9 months ago
Submission Judgement Published Assigned finding tags:
Wrong value in nonReentrant modifier
0xtimefliez 9 months ago
Submission Judgement Published Assigned finding tags:
Wrong value in nonReentrant modifier
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.