Skip to content

Latest commit

 

History

History
48 lines (34 loc) · 1.49 KB

047.md

File metadata and controls

48 lines (34 loc) · 1.49 KB

Keen Spruce Bison

High

Reentrancy Attack in ReputationMarket::withdrawGraduatedMarketFunds()

Summary

Reentrancy attack occurs when protocol not implemented yet CEI pattern in ReputationMarket::withdrawGraduatedMarketFunds(). Attacker could still all of funds from protocol.

Vulnerability detail

This vulnerability comes from protocol not doing check-effect-interactions in system. Let's see code below :

https://github.com/sherlock-audit/2024-11-ethos-network-ii/blob/main/ethos/packages/contracts/contracts/ReputationMarket.sol#L660-L678

Native token are sent first and then state of marketFunds[profileId] is updated after sending the native token. It can impact reentrancy attack to the protocol.

Impact

Attacker can still all of funds from the protocol.

Recommendations

Implement CEI to avoid reentrancy attack

 function withdrawGraduatedMarketFunds(uint256 profileId) public whenNotPaused { 
   address authorizedAddress = contractAddressManager.getContractAddressForName( 
     "GRADUATION_WITHDRAWAL" 
   ); 
   if (msg.sender != authorizedAddress) { 
     revert UnauthorizedWithdrawal(); 
   } 
   _checkMarketExists(profileId); 
   if (!graduatedMarkets[profileId]) { 
     revert MarketNotGraduated(); 
   } 
   if (marketFunds[profileId] == 0) { 
     revert InsufficientFunds(); 
   } 

+   marketFunds[profileId] = 0;
   _sendEth(marketFunds[profileId]); 
   emit MarketFundsWithdrawn(profileId, msg.sender, marketFunds[profileId]); 
-   marketFunds[profileId] = 0; 
 }