Description:Description\
Reentrancy in claimfee function
Attack Scenario\
Delete when used to delete from mappings doesnt work , it doesnt change the state it leaves the data as it is leaving the claim fee function open for classic reentrancy attack : the malicious owner Could repeatedly call Claimfees and because delete doesnt alter the claimfee balance of the owner , the owner is able to Drain all of the funds
luzzif
commented
1 month ago
Github username: -- Twitter username: -- Submission hash (on-chain): 0x3984922885c18c3e257ff5fb6caae6ac19818cb242a366a42f8285c50b3d45ca Severity: high
Description: Description\ Reentrancy in claimfee function
Attack Scenario\ Delete when used to delete from mappings doesnt work , it doesnt change the state it leaves the data as it is leaving the claim fee function open for classic reentrancy attack : the malicious owner Could repeatedly call Claimfees and because delete doesnt alter the claimfee balance of the owner , the owner is able to Drain all of the funds
Attachments https://github.com/hats-finance/Metrom-0xfdfc6d4ac5807d7460da20a3a1c0c84ef2b9c5a2/blob/e9d6b1e594d5bb3694bfe68f73399156ebb5d3a4/src/Metrom.sol#L295-L312 will not reset or clear the mapping; it will simply leave it as it is. This is because mappings are a complex data structure in Solidity, and resetting them entirely would require more complex logic.