OrderBook

First Flight #43
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

### [L-3] CEI Pattern violation in `OrderBook::withdrawFees` Function

Description

The `OrderBook::withdrawFees` function violates the CEI (Checks-Effects-Interactions) pattern
by performing an external call before updating an internal state variable.

This violation increases the chances of disruption through reentrancy attacks.

Impact:

1. Minor risk of inconsistent state due to reentrancy attacks.

2. Breaks Solidity best practices.

3. Static analysis and formal tools may flag this as unsafe.

Recommended Mitigation

function withdrawFees(address _to) external onlyOwner {
if (totalFees == 0) {
revert InvalidAmount();
}
if (_to == address(0)) {
revert InvalidAddress();
}
+ uint amount=totalfees;
+ totalFees = 0;
+ iUSDC.safeTransfer(_to, amount);
emit FeesWithdrawn(_to);
}
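
Review bot: the added line `+ uint amount=totalfees;` reads `totalfees`, while the zero check above it and the reset on the next line use `totalFees`. Solidity identifiers are case-sensitive, so as written this does not compile; it should read `uint256 amount = totalFees;`. The hunk also marks the cache, the reset and the `iUSDC.safeTransfer(_to, amount)` call as additions without any `-` lines, so the original statements being replaced are not visible. Include the removed transfer and reset lines so the diff shows that the state update now precedes the external call and that the old transfer is not left in place.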
Updates

Lead Judging Commences

yeahchibyke Lead Judge
6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

CEI pattern not followed in `withdrawFees()` function

`withdrawFees()` function performs an external transfer using `iUSDC.safeTransfer()` before resetting totalFees. This breaks the `Checks-Effects-Interactions (CEI)` pattern and can lead to incorrect internal state if the transfer fails for any reason.
