Submission Details
Severity:
Wrong reentrancy guard implementation
Summary
Reentrancy guard not working due to custom implementation of the transient storage reentrancy guard
Vulnerability Details
The contract implements a custom reentrancy guard using transient storage:
modifier nonReentrant() {
assembly {
if tload(1) { revert(0, 0) }///should be: if tload(0) { revert(0, 0) }
tstore(0, 1)
}
_;
assembly {
tstore(0, 0)
}
}
Right implementation:
modifier nonreentrant {
assembly {
if tload(0) { revert(0, 0) }
tstore(0, 1)
}
_;
// Unlocks the guard, making the pattern composable.
// After the function exits, it can be called again, even in the same transaction.
assembly {
tstore(0, 0)
}
}
Impact
Reentrancy guard is not protection external function from reentrant calls that could manipulate transactions
Tools Used
Manual code review
Recommendations
1.implement openzeppelin implementatnion
or
2.Fix the reentrancy guard:
modifier nonReentrant() {
assembly {
if tload(0) { revert(0, 0) }
tstore(0, 1)
}
_;
assembly { tstore(0, 0) }
}
Updates
Lead Judging Commences
0xtimefliez 4 months ago
Submission Judgement Published Assigned finding tags:
Wrong value in nonReentrant modifier
0xtimefliez 4 months ago
Submission Judgement Published Assigned finding tags:
Wrong value in nonReentrant modifier
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.