FV-SOL-1-C2 Cross Function

TLDR

Attacker uses multiple functions within the same contract that share state

Game

Cross-function reentrancy occurs when an attacker can exploit reentrant calls across multiple functions, rather than a single function, how can you see this affecting the nature of the vulnerability?

// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;

contract CrossFunctionReentrancyGame {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() public {
        uint256 balance = balances[msg.sender];
        require(balance > 0, "Insufficient balance");
        (bool success, ) = msg.sender.call{value: balance}("");
        require(success, "Transfer failed");
        balances[msg.sender] = 0;
    }

    function play() public {
        require(balances[msg.sender] >= 1 ether, "Must have at least 1 ether to play");
        balances[msg.sender] -= 1 ether;
    }
}
PreviousFV-SOL-1-C1 Single FunctionNextFV-SOL-1-C3 Cross Contract

Last updated

Was this helpful?