Missing Reentrancy Protection in depositEggToVault()
Summary
The depositEggToVault() function in EggHuntGame is vulnerable to reentrancy attacks because it calls transferFrom() on the NFT contract before updating the vault's state.
Vulnerability Details
The function calls transferFrom() before updating vault storage:
This order allows malicious contracts to exploit reentrancy attacks.
Impact
An attacker could deploy a malicious contract that triggers reentrancy, leading to:
Excessive token deposits
Inconsistent contract states
Potential token theft
Tools Used
Solidity
OpenZeppelin Contracts
Reentrancy Attack Simulation
Recommendations
-
Apply the Checks-Effects-Interactions pattern:
Update the vault state before transferring the token:
eggVault.depositEgg(tokenId, msg.sender);eggNFT.transferFrom(msg.sender, address(eggVault), tokenId); -
Use ReentrancyGuard to prevent reentrancy:
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";contract EggHuntGame is Ownable, ReentrancyGuard {function depositEggToVault(uint256 tokenId) external nonReentrant {...}}
This refactor ensures secure handling of state updates and external calls.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.