F-2025-0021 · defense-in-depth

Inconsistent use of ReentrancyGuard

Acknowledged · staking · nft-boost · rewards
TL;DR

fundRewards lacks the nonReentrant modifier while the other token-interacting functions (stakeTokens, closePosition) have it, breaking the contract's defensive pattern.

Severity: INFO
Impact: LOW
Likelihood: LOW
Method: Manual review
Complexity: LOW
Exploitability: LOW
Description

The fundRewards function lacks the nonReentrant modifier while other token-interacting functions (stakeTokens, closePosition) implement it. This inconsistency appears to be an oversight during the addition of this new function:

```solidity
/**
 * New Function: Fund rewards manually
 * Allows owner to send extra tokens to the contract so users can claim their interest.
 */
function fundRewards(uint256 amount) external onlyOwner {
    // Missing nonReentrant modifier
}
```

While there is no immediate security risk due to trusted tokens, this inconsistency in security patterns could cause issues if the contract is upgraded or integrated with different tokens in the future.

Recommendation

Add the nonReentrant modifier to fundRewards for consistency with other token-interacting functions.
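To keep the pattern from drifting again, the consistency check can be automated. The script below is an added example, not part of the audit or the project's code: a regex-based heuristic that lists external or public state-changing functions that call a token transfer without `nonReentrant`. The sample contract, its function bodies, and the list of calls treated as token-interacting are assumptions constructed for illustration; only the function names and modifiers come from the finding.

```python
import re

# Constructed sample shaped like the contract in the finding.
# Function bodies are assumptions; names and modifiers follow the page.
SAMPLE = '''
contract Staking is ReentrancyGuard, Ownable {
    function stakeTokens(uint256 amount) external nonReentrant {
        token.safeTransferFrom(msg.sender, address(this), amount);
    }
    function closePosition(uint256 id) external nonReentrant {
        token.safeTransfer(msg.sender, positions[id].amount);
    }
    function fundRewards(uint256 amount) external onlyOwner {
        token.safeTransferFrom(msg.sender, address(this), amount);
    }
    function pendingRewards(address user) external view returns (uint256) {
        return rewards[user];
    }
}
'''
# Function header up to its opening brace; group 3 holds visibility and modifiers.
FUNC_RE = re.compile(r'function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{')
# Calls treated as token-interacting (heuristic list, an assumption of this example).
TOKEN_CALL_RE = re.compile(r'\.(safeTransferFrom|safeTransfer|transferFrom|transfer)\s*\(')

def function_body(src, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == '{':
            depth += 1
        elif src[i] == '}':
            depth -= 1
            if depth == 0:
                return src[open_brace + 1:i]
    return src[open_brace + 1:]

def unguarded_token_functions(src):
    """Names of external/public state-changing functions that move tokens without nonReentrant."""
    findings = []
    for m in FUNC_RE.finditer(src):
        name, modifiers = m.group(1), m.group(3)
        words = set(re.findall(r'\w+', modifiers))
        if not words & {'external', 'public'} or words & {'view', 'pure'}:
            continue  # internal/private or read-only: out of scope for this check
        body = function_body(src, m.end() - 1)
        if TOKEN_CALL_RE.search(body) and 'nonReentrant' not in words:
            findings.append(name)
    return findings
```

Calling `unguarded_token_functions(SAMPLE)` flags only `fundRewards`. Because the check is textual, it misses transfers made through internal helpers and should back up manual review, not replace it.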


© 2026 Zealynx