During staking operation in LM_PC_KPIRewarder_v1.sol::postAssertion:
```solidity
function postAssertion(
    bytes32 dataId,
    uint assertedValue,
    address asserter,
    uint targetKPI
) public onlyModuleRole(ASSERTER_ROLE) returns (bytes32 assertionId) {
    //REDACTED
    //--------------------------------------------------------------------------
    // Staking Queue Management
    for (uint i = 0; i < stakingQueue.length; i++) {
        address user = stakingQueue[i];
        _stake(user, stakingQueueAmounts[user]);
        totalQueuedFunds -= stakingQueueAmounts[user];
        stakingQueueAmounts[user] = 0;
    }
    //REDACTED
```
The code above does not follow the Check-Effect-Interaction (CEI) pattern, as the contract directly calls the `_stake` function without first setting `stakingQueueAmounts[user]` to 0.
Attack Scenario
Failing to follow CEI pattern can leave contracts vulnerable to reentrancy attacks.
Attachments
NA
Proof of Concept (PoC) File
Refer above.
Revised Code File (Optional)
Introduce the check-effects-interaction pattern by making the following changes:
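One way to reorder the loop so that it follows CEI, as an added example (not the submitter's revised code and not the project's own). Only `stakingQueue`, `stakingQueueAmounts`, `totalQueuedFunds` and the `_stake(user, amount)` call shape come from the snippet above; the contract name, `balances`, `enqueue`, `processQueue`, the body of `_stake` and the final `delete` are hypothetical, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: a simplified stand-in for the queue handling in postAssertion.
contract StakingQueueCEI {
    address[] public stakingQueue;
    mapping(address => uint) public stakingQueueAmounts;
    uint public totalQueuedFunds;

    mapping(address => uint) public balances; // hypothetical staking ledger
    event Staked(address indexed user, uint amount);

    // Hypothetical stand-in for the module's _stake(); in a real module this is
    // the step that could hand control to code outside the contract.
    function _stake(address user, uint amount) internal {
        balances[user] += amount;
        emit Staked(user, amount);
    }

    // Hypothetical helper so the queue can be populated in a test.
    function enqueue(address user, uint amount) external {
        require(amount > 0, "zero amount");
        if (stakingQueueAmounts[user] == 0) stakingQueue.push(user);
        stakingQueueAmounts[user] += amount;
        totalQueuedFunds += amount;
    }

    // Same loop as in the reported snippet, reordered to follow CEI.
    function processQueue() external {
        uint len = stakingQueue.length;
        for (uint i = 0; i < len; i++) {
            address user = stakingQueue[i];
            uint amount = stakingQueueAmounts[user]; // cache before clearing

            // Effects: clear the queued amount and the running total first.
            stakingQueueAmounts[user] = 0;
            totalQueuedFunds -= amount;

            // Interaction: stake last, using the cached amount, so a re-entered
            // call would find nothing left queued for this user.
            _stake(user, amount);
        }
        delete stakingQueue; // assumption: the queue is emptied once processed
    }
}
```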
Github username: @erictee2802
Twitter username: 0xEricTee
Submission hash (on-chain): 0x2ff66940a0f223abe645bfb15946bf08ceba2d1b8d1130541ba3eac6f9b41798
Severity: low