Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: medium
Invalid

Check-Effects-Interactions Pattern Violation

Summary

The withdrawEgg() function in EggVault makes an external call to the egg NFT contract (transferFrom()) before emitting its event. As the snippet below shows, the state writes to storedEggs and eggDepositors come before that call, so the function already follows the checks-effects-interactions ordering; the event emission is the only statement after the interaction.

Vulnerability Details

The function checks the caller, clears the vault's bookkeeping for the token, and only then calls transferFrom(); nothing but the emit follows the external call:

function withdrawEgg(uint256 tokenId) public {
require(storedEggs[tokenId], "Egg not in vault");
require(eggDepositors[tokenId] == msg.sender, "Not the original depositor");
storedEggs[tokenId] = false;
delete eggDepositors[tokenId];
eggNFT.transferFrom(address(this), msg.sender, tokenId);
emit EggWithdrawn(msg.sender, tokenId);
}

Impact

Standard ERC721 transferFrom() (unlike safeTransferFrom()) does not call onERC721Received on the recipient, so a contract recipient gets no callback during the transfer. The only external code that runs is the NFT contract itself, and because storedEggs[tokenId] is already false when transferFrom() executes, a custom or upgraded NFT contract that re-entered withdrawEgg() would fail the "Egg not in vault" check and revert. The residual exposure is therefore limited to a hypothetical NFT contract with non-standard transfer behaviour, and even then the ordering shown prevents a second withdrawal of the same token.

Tools Used

Code review

Recommendations

No reordering is required: the function already follows checks-effects-interactions, and the annotated version below is the same code with the ordering made explicit. For defence in depth against an untrusted or upgradeable NFT contract, the project could additionally apply OpenZeppelin's ReentrancyGuard (nonReentrant modifier) to withdrawEgg(), which makes the outcome independent of statement order:

function withdrawEgg(uint256 tokenId) public {
require(storedEggs[tokenId], "Egg not in vault");
require(eggDepositors[tokenId] == msg.sender, "Not the original depositor");
// Update state before external call
storedEggs[tokenId] = false;
delete eggDepositors[tokenId];
// Make external call after state changes
eggNFT.transferFrom(address(this), msg.sender, tokenId);
emit EggWithdrawn(msg.sender, tokenId);
}
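To show what a checks-effects-interactions violation would actually allow here, and why the ordering quoted above does not, the following is an added example and not Eggstravaganza project code. Vault mirrors the shape of withdrawEgg() with a switch between the two orderings and a hypothetical withdrawCount so a double execution is observable; HookedNFT and Attacker are assumed contracts standing in for the "custom or upgraded NFT" case, since a standard ERC721 transferFrom() makes no callback to the sender at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Eggstravaganza project code. Vault mirrors the shape
// of withdrawEgg() and adds a hypothetical withdrawCount so a double execution
// is observable; HookedNFT stands in for a custom NFT whose transferFrom calls
// back into the sender (standard ERC721 transferFrom does no such thing).

interface IERC721Minimal {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

contract Vault {
    IERC721Minimal public immutable nft;
    bool public immutable effectsFirst; // true = the ordering used by EggVault
    mapping(uint256 => bool) public storedEggs;
    mapping(uint256 => address) public eggDepositors;
    mapping(address => uint256) public withdrawCount; // hypothetical counter

    event EggWithdrawn(address indexed depositor, uint256 indexed tokenId);

    constructor(address nft_, bool effectsFirst_) {
        nft = IERC721Minimal(nft_);
        effectsFirst = effectsFirst_;
    }

    // Test helper: records a deposit without moving the token.
    function record(uint256 tokenId, address depositor) external {
        storedEggs[tokenId] = true;
        eggDepositors[tokenId] = depositor;
    }

    function withdrawEgg(uint256 tokenId) external {
        require(storedEggs[tokenId], "Egg not in vault");
        require(eggDepositors[tokenId] == msg.sender, "Not the original depositor");
        if (effectsFirst) {
            // Checks, effects, then interaction: a re-entrant call fails the check above.
            storedEggs[tokenId] = false;
            delete eggDepositors[tokenId];
            withdrawCount[msg.sender] += 1;
            nft.transferFrom(address(this), msg.sender, tokenId);
        } else {
            // Genuine violation: interaction before effects, so the checks still
            // pass while the NFT contract has control of execution.
            nft.transferFrom(address(this), msg.sender, tokenId);
            storedEggs[tokenId] = false;
            delete eggDepositors[tokenId];
            withdrawCount[msg.sender] += 1;
        }
        emit EggWithdrawn(msg.sender, tokenId);
    }
}

// The depositor is a contract so that the NFT can make it re-enter the vault.
contract Attacker {
    Vault public vault;
    function setVault(Vault v) external { vault = v; }
    function withdraw(uint256 tokenId) external { vault.withdrawEgg(tokenId); }
    function reenter(uint256 tokenId) external { vault.withdrawEgg(tokenId); }
}

contract HookedNFT is IERC721Minimal {
    mapping(uint256 => address) public ownerOf;
    address public immutable attacker;
    bool private reentered;
    bool public reentryPassed; // did the nested withdrawEgg() succeed?

    constructor(address attacker_) { attacker = attacker_; }
    function mint(address to, uint256 tokenId) external { ownerOf[tokenId] = to; }

    function transferFrom(address from, address to, uint256 tokenId) external override {
        require(ownerOf[tokenId] == from, "not owner");
        if (!reentered) {
            reentered = true;
            // Call back into the vault once, as the depositor. try/catch so a
            // reverted re-entry does not abort the outer withdrawal.
            try Attacker(attacker).reenter(tokenId) { reentryPassed = true; }
            catch { reentryPassed = false; }
        }
        ownerOf[tokenId] = to;
    }
}

// Deploys one variant and reports what the re-entrant call achieved.
contract Demo {
    function run(bool effectsFirst) external returns (uint256 count, bool reentryPassed) {
        Attacker attacker = new Attacker();
        HookedNFT nft = new HookedNFT(address(attacker));
        Vault vault = new Vault(address(nft), effectsFirst);
        attacker.setVault(vault);
        nft.mint(address(vault), 1);
        vault.record(1, address(attacker));
        attacker.withdraw(1);
        return (vault.withdrawCount(address(attacker)), nft.reentryPassed());
    }
}
```

Calling Demo.run(true) exercises the EggVault ordering: the nested withdrawEgg() reverts on "Egg not in vault" because storedEggs was cleared before the interaction, so the counter advances once and the withdrawal completes normally. Demo.run(false) exercises the real violation: the nested call passes both checks, the withdrawal body runs twice for a single token, and EggWithdrawn is emitted twice. The try/catch in HookedNFT is only there so the safe variant can be observed rather than reverting the whole transaction; a real hostile NFT would have no reason to be that polite.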
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
