Code4rena, 2023-03-wenwin findings, issue 490
Mar 09, 2023

Reentrancy in staking function exit


Lines of code

Vulnerability details

Impact

When a user calls exit(), the updateReward logic runs twice within the same call.

Proof of Concept

First entry: withdraw() calls _burn()
<https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/staking/Staking.sol#L85>
which invokes the beforeTokenTransfer hook
<https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/staking/Staking.sol#L108>
which in turn calls updateReward
<https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/staking/Staking.sol#L118>

Second Entry

getReward() calls updateReward directly
<https://github.com/code-423n4/2023-03-wenwin/blob/91b89482aaedf8b8feb73c771d11c257eed997e8/src/staking/Staking.sol#L92>
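As an added illustration that is not part of the original finding or the Wenwin code, the following Python model of a Synthetix-style staking contract (an assumption about the accounting scheme) instruments the reward update so the two entries along exit() can be counted; all names and sample values are constructed.

```python
# Added example (assumption: Synthetix-style reward accounting, not Wenwin's
# Staking.sol), instrumented to count updateReward runs along exit().
SCALE = 10**18

class StakingModel:
    def __init__(self, reward_rate):
        self.reward_rate = reward_rate      # reward tokens per second
        self.total_supply = self.now = self.last_update = 0
        self.reward_per_token_stored = 0
        self.balances, self.rewards, self.paid_per_token = {}, {}, {}
        self.update_reward_calls = 0        # instrumentation for the finding
    def reward_per_token(self):
        if self.total_supply == 0:
            return self.reward_per_token_stored
        elapsed = self.now - self.last_update
        return self.reward_per_token_stored + elapsed * self.reward_rate * SCALE // self.total_supply
    def _update_reward(self, account):      # body of the updateReward modifier
        self.update_reward_calls += 1
        self.reward_per_token_stored = self.reward_per_token()
        self.last_update = self.now
        delta = self.reward_per_token_stored - self.paid_per_token.get(account, 0)
        self.rewards[account] = self.rewards.get(account, 0) + self.balances.get(account, 0) * delta // SCALE
        self.paid_per_token[account] = self.reward_per_token_stored
    def _before_token_transfer(self, sender, receiver):   # ERC20 hook
        for account in (sender, receiver):
            if account is not None:
                self._update_reward(account)
    def stake(self, account, amount):
        self._before_token_transfer(None, account)      # _mint hook
        self.balances[account] = self.balances.get(account, 0) + amount
        self.total_supply += amount
    def withdraw(self, account, amount):
        self._before_token_transfer(account, None)      # _burn hook: update #1
        self.balances[account] -= amount
        self.total_supply -= amount
    def get_reward(self, account):
        self._update_reward(account)                    # modifier: update #2
        reward, self.rewards[account] = self.rewards.get(account, 0), 0
        return reward
    def exit(self, account):
        self.withdraw(account, self.balances[account])
        return self.get_reward(account)

def updates_on_exit(reward_rate=10, amount=100, seconds=50):
    """Return (updateReward calls during exit, reward paid) for one staker."""
    m = StakingModel(reward_rate)
    m.stake("alice", amount)
    m.now += seconds
    before = m.update_reward_calls
    paid = m.exit("alice")
    return m.update_reward_calls - before, paid
```

In this model the second update runs with no elapsed time and so changes no stored balance; what the duplicated path costs is the extra accounting work on every exit.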

Tools Used

Slither

Recommended Mitigation Steps

The developer should not compound the updateReward calls inside the exit function; instead, call getReward and withdraw separately.
