code423n4 | Code4rena | CODE423N4:2022-02-CONCUR-FINDINGS-ISSUES-276
Apr 29, 2022 - 12:00 a.m.

claimRewards() didn't follow the safe check effect pattern

github.com

Judge @GalloDaSballo has assessed the 2nd item in QA Report #230 as Medium risk. The relevant finding follows:

Impact

A user can claim a reward by calling claimRewards(). However, this function didn't follow the correct check effect pattern, where the zero address is set after making an external call. Let's say the reward token is ERC777, which will make an external call during transfer. The user can re-enter this function, since this function didn't follow the check effect pattern and didn't have a nonReentrant modifier. The user can claim tokens with reentrancy.

Proof of Concept


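The ordering problem the finding describes, shown beside a checks-effects-interactions version with a guard. This is an added example, not the audited contract's code and not part of the original report; `RewardsSketch`, `pending`, `claimRewardsUnsafe` and the inline guard are hypothetical names, and how `pending` is credited is outside the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch: every name except claimRewards() is an assumption,
// not taken from the audited code.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RewardsSketch {
    IERC20 public immutable rewardToken;         // may be an ERC777-style token
    mapping(address => uint256) public pending;  // unclaimed reward per user
    uint256 private locked = 1;                  // 1 = free, 2 = entered

    constructor(IERC20 token) {
        rewardToken = token;
    }

    // Minimal reentrancy guard, same idea as a nonReentrant modifier.
    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    // Ordering the finding describes: interaction before effect.
    // A token that calls the recipient during transfer hands control back
    // to the caller while pending[msg.sender] still holds the old amount.
    function claimRewardsUnsafe() external {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing to claim");                        // check
        require(rewardToken.transfer(msg.sender, amount), "transfer");  // interaction
        pending[msg.sender] = 0;                                        // effect, too late
    }

    // Hardened: check, then effect, then interaction, plus the guard.
    function claimRewards() external nonReentrant {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing to claim");                        // check
        pending[msg.sender] = 0;                                        // effect
        require(rewardToken.transfer(msg.sender, amount), "transfer");  // interaction
    }
}
```

Either measure alone stops a second claim of the same balance; applying both keeps the function safe if one is later removed during refactoring.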