03-xContract.sol
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.13;
import "openzeppelin-contracts/contracts/security/ReentrancyGuard.sol";
/// @title Minimal view of the staking token as used by the Vulnerable contract.
/// @dev Only the three functions the staking contract calls are declared here.
///      The token's implementation is not part of this file, so any other
///      entry points it exposes (the name suggests ERC20 transfers; confirm
///      against the token source) are outside this contract's control.
interface IERC20BurnableMintable {
    /// @notice Returns the token balance recorded for `account`.
    /// @dev The staking contract reads this as the amount of wei owed on unstake.
    function balanceOf(address account) external view returns (uint256);

    /// @notice Expected to credit `amount` tokens to `to`.
    /// @dev Called from stake() with msg.value as `amount`.
    function mint(address to, uint256 amount) external;

    /// @notice Expected to destroy the entire balance of `account`.
    /// @dev Takes no amount argument, so the caller cannot state or check
    ///      how many tokens it expects to be burned.
    function burnAll(address account) external;
}
/// @title Staking example: mints one token unit per wei staked, pays the wei back on unstake.
/// @dev Deliberately vulnerable teaching sample (cross-contract reentrancy).
///      The staking ledger lives in a separate token contract, while the
///      nonReentrant modifier only blocks re-entry into the nonReentrant
///      functions of THIS contract. unstake() sends ETH before the token
///      balance is burned, so during the transfer the recipient runs code
///      while the ledger still shows the full balance, and nothing here stops
///      that balance from being changed in the token contract in the meantime.
///      Remediation: follow checks-effects-interactions, i.e. burn the balance
///      before the ETH transfer, and prefer a burn that takes the exact amount
///      being paid out so payout and burn cannot diverge.
contract Vulnerable is ReentrancyGuard {
    // External token whose balances act as this contract's staking ledger.
    IERC20BurnableMintable public atrToken;

    /// @param token_address Address of the token contract; stored as given, with no validation.
    /// @dev Presumably this contract must be authorised to mint and burn on the token. Confirm against the token source.
    constructor(address token_address) {
        atrToken = IERC20BurnableMintable(token_address);
    }

    /// @notice Accepts ETH and mints the same number of token units to the sender.
    /// @dev Reverts with "Funds not sent!" when no value is attached.
    function stake() external payable nonReentrant() {
        require(msg.value > 0, "Funds not sent!");
        atrToken.mint(msg.sender, msg.value);
    }

    /// @notice Pays the caller wei equal to their current token balance, then burns that balance.
    /// @dev Original author's note: a last-minute function written without security
    ///      patterns in mind, relying only on the modifier.
    ///      Order of operations is check -> interaction -> effect, which is the flaw
    ///      this sample demonstrates. The modifier does not cover the token contract.
    function unstake() external nonReentrant() {
        // Check: the payout amount is read from the external token, not from local state.
        uint256 usr_balance = atrToken.balanceOf(msg.sender);
        require(usr_balance > 0, "No funds available!");
        // Interaction: the low-level call forwards all remaining gas and hands control
        // to msg.sender while the token balance has not been reduced yet.
        (bool success, ) = payable(msg.sender).call{value: usr_balance}("");
        require(success, "Eth transfer failed" );
        // Effect: happens last, and burns whatever balance exists NOW, which is not
        // checked against usr_balance. The correct order is CEI (effect before interaction).
        atrToken.burnAll(msg.sender);
    }
}