Submission Details
Impact:
Likelihood:
Missing ReentrancyGuard for function that transfer token
Missing ReentrancyGuard for function that transfer token can lead to a contract fund draining
Description
-
Every token transfer should be an atomic operation of the contract
-
No mutex is used in the contract
@function deposit(uint256 assets, address receiver) public override returns (uint256) {
@function joinEvent(uint256 countryId) public {
@function cancelParticipation () public {
@function withdraw() external winnerSet {
Risk
Likelihood:
Will occur when a malicious participant or contract will callback the contract or function before the end of the function
Impact:
Fund are drained
Recommended Mitigation
+import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
-function deposit(uint256 assets, address receiver) public override returns (uint256) {
+function deposit(uint256 assets, address receiver) public nonReentrant override returns (uint256) {
-function joinEvent(uint256 countryId) public {
+function joinEvent(uint256 countryId) public nonReentrant {
-function cancelParticipation () public {
+function cancelParticipation () public nonReentrant {
-function withdraw() external winnerSet {
+function withdraw() external winnerSet nonReentrant {
Rewards breakdown
nSLOC
193This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.