Submission Details
Impact:
Likelihood:
Modifier Order: Placing `nonReentrant` at the End of the Modifier List Is Safe
Modifier Order: Placing nonReentrant at the End of the Modifier List Is Safe
Description
-
In Solidity, modifiers are executed in top-to-bottom order, as listed in the function signature.
-
The function
claimThrone()uses multiple modifiers in the following order:
function claimThrone() external payable gameNotEnded @>nonReentrant<@ {
Risk
Likelihood:
-
This is a non-issue in this case, but misunderstanding of modifier order is common.
-
Risk increases only if modifiers change state in ways that affect each other — which is not true here.
Impact:
To protect against reentrancy in other modifiers, the `nonReentrant` modifier should be the first modifier in the list of modifiers.
Proof of Concept
function claimThrone() external payable gameNotEnded nonReentrant {
...
}
// Execution order:
// 1. gameNotEnded modifier
// 2. nonReentrant modifier (sets mutex)
// 3. Function body (protected by mutex)
Recommended Mitigation
- function claimThrone() external payable gameNotEnded nonReentrant {
+ function claimThrone() external payable nonReentrant gameNotEnded {
Rewards breakdown
nSLOC
181This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.