OrderBook

First Flight #43
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

### [L-3] CEI Pattern violation in `OrderBook::withdrawFees` Function


Description

The `OrderBook::withdrawFees` function violates the CEI (Checks-Effects-Interactions) pattern by performing an external call before updating an internal state variable.

This violation increases the chance of disruption through reentrancy attacks.

Impact:

1. Minor risk of inconsistent state due to reentrancy attacks.

2. Breaks Solidity best practices.

3. Static analysis and formal tools may flag this as unsafe.

Recommended Mitigation

function withdrawFees(address _to) external onlyOwner {
if (totalFees == 0) {
revert InvalidAmount();
}
if (_to == address(0)) {
revert InvalidAddress();
}
+ uint amount=totalfees;
+ totalFees = 0;
+ iUSDC.safeTransfer(_to, amount);
emit FeesWithdrawn(_to);
}
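
Review bot: the added line `uint amount=totalfees;` reads `totalfees` in lowercase, while the zero check at the top of the function and the reset on the next added line both use `totalFees`. Solidity identifiers are case-sensitive, so unless the contract declares a separate `totalfees` variable this does not compile; it should read `uint256 amount = totalFees;`. The hunk also carries only `+` lines: the existing transfer and reset statements that this reordering replaces are not shown as `-` removals, so a reader cannot confirm from the diff that the old `iUSDC.safeTransfer` call ahead of the state update is actually removed. Include those removed lines so the before and after ordering is visible.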
Updates

Lead Judging Commences

yeahchibyke Lead Judge
4 months ago
yeahchibyke Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

CEI pattern not followed in `withdrawFees()` function

`withdrawFees()` function performs an external transfer using `iUSDC.safeTransfer()` before resetting totalFees. This breaks the `Checks-Effects-Interactions (CEI)` pattern and can lead to incorrect internal state if the transfer fails for any reason.
