code-423n4 / 2022-05-vetoken-findings


DoS with Failed Call in VE3DRewardPool.sol #47

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VE3DRewardPool.sol#L258

Vulnerability details

Impact

This call is executed following another call within the same transaction. It is possible that the call never gets executed if a prior call fails permanently. This could be caused intentionally by a malicious callee since it is a public function.

Proof of Concept

Setup Transaction

{
  "address": "",
  "gasLimit": "0x2ffffff",
  "gasPrice": "0x3b9aca000",
  "input": "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",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x0",
  "blockGasLimit": "0x2ffffff",
  "blockNumber": "0x0",
  "blockTime": "0x0",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "undefined"
}

Call addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3)

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xff000",
  "gasPrice": "0x0",
  "input": "0x5e43c47b000000000000000000000000aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddcc00000000000000000000000000000000000000000000000000000000000000000000000000000000d900000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000fc0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0x0000000000000000000000000000000000000000",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x54",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x63dc8",
  "blockTime": "0x2b630a",
  "decodedInput": "addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3)",
  "name": "addExtraReward(address)",
  "hasDecodedInput": "addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3)"
}

Call addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5)

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xff000",
  "gasPrice": "0x0",
  "input": "0x5e43c47b000000000000000000000000aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddcc00000000000000000000000000000000000000000000000000000000000000000000000000000000d900000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000fc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0x0000000000000000000000000000000000000000",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x54",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x63dc8",
  "blockTime": "0x2b630a",
  "decodedInput": "addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5)",
  "name": "addExtraReward(address)",
  "hasDecodedInput": "addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "addExtraReward(0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5)"
}

Call withdraw(3271557120, False)

{
  "address": "0x0901d12ebe1b195e5aa8748e62bd7734ae19b51f",
  "gasLimit": "0xff000",
  "gasPrice": "0xd0f8b0a0a",
  "input": "0x38d0743600000000000000000000000000000000000000000000000000000000c300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "origin": "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe",
  "value": "0x0",
  "blockCoinbase": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0",
  "blockDifficulty": "0x0",
  "blockGasLimit": "0xff0000",
  "blockNumber": "0x85f6e",
  "blockTime": "0x543dce",
  "decodedInput": "withdraw(3271557120, False)",
  "name": "withdraw(uint256,bool)",
  "hasDecodedInput": "withdraw(3271557120, False)",
  "hasName": true,
  "failedToParse": false,
  "humanReadableInstruction": "withdraw(3271557120, False)"
}

Tools Used

Mythril/Mythx

Recommended Mitigation Steps

Refactor code to only make 1 external call per transaction.
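The pattern the finding describes, as an added illustration that is not the VE3DRewardPool code: a pool that loops over registered extra-reward contracts and forwards each `withdraw`, shown once in the fragile form and once with each external call isolated so one reverting callee cannot block the caller's own withdrawal. The contract, interface and function names below are assumptions for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface of an extra-reward contract (illustrative, not the project's).
interface IRewards {
    function withdraw(address account, uint256 amount) external;
}

contract LoopedCallPool {
    event ExtraRewardCallFailed(address indexed reward, address indexed account);

    address public operator;
    address[] public extraRewards;
    mapping(address => uint256) public balances;

    constructor() { operator = msg.sender; }

    // Registration of callees; restricted to the operator so that untrusted
    // addresses cannot be inserted into the call loop in the first place.
    function addExtraReward(address reward) external {
        require(msg.sender == operator, "not operator");
        extraRewards.push(reward);
    }

    // Fragile pattern: every callee is called unconditionally, so a single
    // reverting extra-reward contract aborts the whole transaction and the
    // user cannot withdraw their principal at all.
    function withdrawUnsafe(uint256 amount) external {
        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < extraRewards.length; i++) {
            IRewards(extraRewards[i]).withdraw(msg.sender, amount);
        }
    }

    // Hardened pattern: each external call is wrapped in try/catch, so a
    // failing callee is recorded in an event instead of reverting the
    // caller's withdrawal.
    function withdrawSafe(uint256 amount) external {
        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < extraRewards.length; i++) {
            try IRewards(extraRewards[i]).withdraw(msg.sender, amount) {
            } catch {
                emit ExtraRewardCallFailed(extraRewards[i], msg.sender);
            }
        }
    }
}
```

try/catch only isolates reverts; a callee that burns all forwarded gas still fails the outer call, so a production version should also forward a bounded gas stipend (`withdraw{gas: ...}`) or let users withdraw principal without touching extra rewards at all.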

jetbrain10 commented 2 years ago

same as issue #45

GalloDaSballo commented 2 years ago

Dup of #45 Invalid