Closed sherlock-admin closed 5 months ago
iberry
medium
_withdrawAll function does not adhere to the CEI pattern
The _withdrawAll function in the CouncilMember,first call transfer money,then set balances[tokenId] = 0;this may be cause reentry。
medium,may be lead to reentry
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L339-L341
Manual Review
function _withdrawAll(address from, uint256 tokenId) internal { uint256 amount = balances[tokenId]; balances[tokenId] = 0; TELCOIN.safeTransfer(from, amount); }
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { not psossible; invalid}
Invalid, insufficient proof that reentrancy is possible.
iberry
medium
The _withdrawAll function in the CouncilMember contract does not adhere to the CEI pattern
Summary
_withdrawAll function does not adhere to the CEI pattern
Vulnerability Detail
The _withdrawAll function in the CouncilMember,first call transfer money,then set balances[tokenId] = 0;this may be cause reentry。
Impact
medium,may be lead to reentry
Code Snippet
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L339-L341
Tool used
Manual Review
Recommendation