locker.sol
Issue 01
Description
The functions call external contracts, exposing themselves to potential reentrancy attacks.
The code does not follow check effect interactions pattern.
Recommendation
Add a reentrancy guard or follow check-effect interactions pattern. check-effect interaction pattern is more recommended because reentrancy guard has limitations such us calling other function which has reentrancy guard protection will cause an error.
Issue 02
Description
Add a message to the require
statement.
Issue 03
Description
Anyone can call unlock on behalf of the lock owner if they have the lock id.
Recommendation
Add a require statement that makes sure only the owner of the lock may call this function.
Issue 04
Description
currentLock.claimed
should be subtracted from releaseAmount
. Otherwise, users can call the function twice in a row.
Recommendation
Add a require statement that makes sure only the owner of the lock may call this function.
Issue 05
Description
The userLock
array's size is limitless. Iterating over an unbounded array may cause the transaction to hit the block gas limit.
Recommendation
Add length restrictions on the number of iterations.
⚠️ The maximum iterations is limited by 100, however the team need to check that the code doesn't reach block gas limit if the userLock array size is 100.
Last updated