Closed sherlock-admin2 closed 9 months ago
Invalid, reentrancy is not possible, and this issue certainly doesn't prove that
1 comment(s) were left on this issue during the judging contest.
pratraut commented:
'invalid due to recipient being TRUSTED entity'
kgothatso
high
Reentrancy attack and loss of funds
Summary
user or contract can re-enter the claim function
Vulnerability Detail
Reentrancy attack
Impact
funds can be lost
Code Snippet
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrow.sol#L136
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrow.sol#L202
Tool used
Manual Review
Recommendation
Use Reentrancy Guard