Code4rena (code423n4), ID CODE423N4:2023-11-CANTO-FINDINGS-ISSUES-509
Nov 17, 2023 - 12:00 a.m.

Potential Race Condition in Rewards Calculation

Tags: race condition, rewards manipulation, state-changing operations, vulnerability, mitigation steps, proof of concept, manual analysis

AI Score: 7.4 High (Confidence: Low)

Lines of code
<https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L174>
<https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L203>
<https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L263>

Vulnerability details

Impact

If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated.

Proof of Concept

The current implementation of the buy, sell, mintNFT, and burnNFT functions updates the rewardsLastClaimedValue mapping after the token or NFT transfer. If an attacker can execute transactions in rapid succession, they might exploit this order of operations to claim rewards based on the previous state before the rewards calculation is updated. To address this, it is recommended to update the rewardsLastClaimedValue mapping before any state-changing operations to minimize the potential for race conditions.

Tools Used

Manual analysis

Recommended Mitigation Steps

Consider updating the rewardsLastClaimedValue mapping before performing any state-changing operations, such as transferring tokens or NFTs.

Assessed type

Other
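
Added example (not part of the original report and not code from Market.sol): a constructed Python model of per-token reward accounting that a reviewer could use to test whether the ordering of the snapshot update and the balance change matters. It generalizes beyond the report; every name except rewardsLastClaimedValue (modelled here by last_claimed) is hypothetical, and the scenario values are constructed.

```python
# Constructed model of per-token reward accounting; it is not Market.sol code.
# Every name except rewardsLastClaimedValue (modelled by last_claimed) is hypothetical.
SCALE = 10**18

class RewardLedger:
    def __init__(self, settle_first):
        self.settle_first = settle_first
        self.acc = 0             # cumulative rewards per token, scaled
        self.circulation = 0
        self.fees_in = 0
        self.balance, self.last_claimed, self.owed = {}, {}, {}

    def settle(self, user):
        """Credit accrual since the user's snapshot, then move the snapshot."""
        delta = self.acc - self.last_claimed.get(user, 0)
        earned = self.balance.get(user, 0) * delta // SCALE
        self.owed[user] = self.owed.get(user, 0) + earned
        self.last_claimed[user] = self.acc

    def add_fee(self, amount):
        self.fees_in += amount
        if self.circulation:
            self.acc += amount * SCALE // self.circulation

    def buy(self, user, amount):
        if self.settle_first:
            self.settle(user)    # old balance is used, snapshot taken first
        self.balance[user] = self.balance.get(user, 0) + amount
        self.circulation += amount
        if not self.settle_first:
            self.settle(user)    # new balance is applied to past accrual

def run_scenario(settle_first):
    ledger = RewardLedger(settle_first)
    ledger.buy("alice", 10)
    ledger.add_fee(100)          # accrues while only alice holds tokens
    ledger.buy("bob", 10)        # bob arrives after the fee
    ledger.settle("alice")
    ledger.settle("bob")
    return ledger.owed, ledger.fees_in

def is_solvent(owed, fees_in):
    """Invariant to test: rewards credited never exceed fees collected."""
    return sum(owed.values()) <= fees_in

if __name__ == "__main__":
    for order in (True, False):
        owed, fees = run_scenario(order)
        print(order, owed, fees, is_solvent(owed, fees))
```

The solvency invariant is the property to carry into a test against the real contract: after any sequence of buy, sell, mintNFT and burnNFT calls, the rewards credited to holders must not exceed the fees collected for them.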

