Bid Beasts

First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Withdraw Function Allows Stealing Others’ Credits

The function withdrawAllFailedCredits(address _receiver) can be called by anyone with any address as _receiver. It reads the credit stored for _receiver, but zeroes the entry for msg.sender and sends the _receiver's amount to msg.sender. Because the _receiver's own entry is never cleared, the same credit can be claimed repeatedly.

This means a malicious user can drain ETH stored for other users.

Issue:

```solidity
function withdrawAllFailedCredits(address _receiver) external {
    uint256 amount = failedTransferCredits[_receiver];
    require(amount > 0, "No credits to withdraw");
    failedTransferCredits[msg.sender] = 0;
    (bool success, ) = payable(msg.sender).call{value: amount}("");
    require(success, "Withdraw failed");
}
```

Fix:
Restrict withdrawals so that only the credited address can withdraw its own funds.
```solidity
function withdrawFailedCredits() external {
    uint256 amount = failedTransferCredits[msg.sender];
    require(amount > 0, "No credits to withdraw");
    failedTransferCredits[msg.sender] = 0;
    (bool success, ) = payable(msg.sender).call{value: amount}("");
    require(success, "Withdraw failed");
}
```
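To make the difference between the two versions checkable, here is an added Foundry test (not part of the original submission or the BidBeasts code base). It uses a hypothetical minimal `FailedCreditsVault` contract with a `credit()` helper that stands in for the marketplace crediting a user after a failed refund; the contract, the helper and the test names are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical minimal vault reproducing the pattern from the finding (not BidBeasts code).
contract FailedCreditsVault {
    mapping(address => uint256) public failedTransferCredits;

    /// Stand-in for the marketplace crediting a user whose ETH refund failed.
    function credit(address user) external payable {
        failedTransferCredits[user] += msg.value;
    }

    /// Shape described in the finding: reads _receiver's credit, zeroes msg.sender's entry, pays msg.sender.
    function withdrawAllFailedCredits(address _receiver) external {
        uint256 amount = failedTransferCredits[_receiver];
        require(amount > 0, "No credits to withdraw");
        failedTransferCredits[msg.sender] = 0;
        (bool success, ) = payable(msg.sender).call{value: amount}("");
        require(success, "Withdraw failed");
    }

    /// Proposed fix: the caller can only withdraw its own credit.
    function withdrawFailedCredits() external {
        uint256 amount = failedTransferCredits[msg.sender];
        require(amount > 0, "No credits to withdraw");
        failedTransferCredits[msg.sender] = 0;
        (bool success, ) = payable(msg.sender).call{value: amount}("");
        require(success, "Withdraw failed");
    }
}

contract FailedCreditsTest is Test {
    FailedCreditsVault vault;
    address victim = makeAddr("victim");
    address other = makeAddr("other");

    function setUp() public {
        vault = new FailedCreditsVault();
        vm.deal(address(this), 1 ether);
        // Constructed scenario: victim is owed 1 ether of failed-transfer credit.
        vault.credit{value: 1 ether}(victim);
    }

    /// Documents the reported behaviour: an unrelated caller receives the victim's credit,
    /// and the victim's entry is left untouched.
    function test_VulnerableWithdrawPaysCaller() public {
        vm.prank(other);
        vault.withdrawAllFailedCredits(victim);
        assertEq(other.balance, 1 ether);
        assertEq(vault.failedTransferCredits(victim), 1 ether);
    }

    /// With the fix, a caller without credit is rejected and the owner gets exactly its own balance.
    function test_FixedWithdrawOnlyOwnCredit() public {
        vm.prank(other);
        vm.expectRevert(bytes("No credits to withdraw"));
        vault.withdrawFailedCredits();

        vm.prank(victim);
        vault.withdrawFailedCredits();
        assertEq(victim.balance, 1 ether);
        assertEq(vault.failedTransferCredits(victim), 0);
    }
}
```

Place the file under `test/` in a Foundry project with forge-std installed and run `forge test`. The second assertion in the first test is the one that matters for review: the mismatch between the key that is read and the key that is zeroed is what leaves the credit claimable again, and keying both on msg.sender removes it.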

Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
