Submission Details
Severity: high
Invalid

Re-entrancy due to usage of `_safeMint()`

Summary

The collectPresent function is susceptible to reentrancy attacks during the execution of the _mintAndIncrement function. This could allow a malicious user to repeatedly call the collectPresent function and mint an unlimited number of NFTs.

Vulnerability Details

The `_mintAndIncrement` function is called within the `collectPresent` function without any reentrancy protection. An attacker calls `collectPresent`, which then calls `_mintAndIncrement`, which uses `_safeMint()`. Usage of `_safeMint()` can cause re-entrancy, so the attacker can re-enter the function and mint more.

Impact

The reentrancy vulnerability could result in an unauthorized and excessive minting of NFTs, potentially disrupting the intended functionality of the contract and causing economic losses.

Tools Used

No specific tools were used to identify this issue. Manual code review and analysis were sufficient to identify the potential reentrancy vulnerability.

Recommendations

Implement reentrancy protection mechanisms, such as the use of the reentrancyGuard modifier or the Checks-Effects-Interactions pattern, to prevent malicious reentrant calls.
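
The two mitigations named above, combined in one function, as an added example that is not the audited contract's code. It assumes OpenZeppelin Contracts v5 import paths; `PresentExample`, `s_collected`, `s_tokenCounter` and `AlreadyCollected` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not the audited contract.
// Assumes OpenZeppelin Contracts v5 (ReentrancyGuard lives under utils/).
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract PresentExample is ERC721, ReentrancyGuard {
    error AlreadyCollected();

    uint256 private s_tokenCounter;
    // Hypothetical per-caller claim flag used as the "check".
    mapping(address => bool) private s_collected;

    constructor() ERC721("PresentExample", "PRSNT") {}

    // _safeMint calls onERC721Received on a contract recipient, which hands
    // control to the recipient in the middle of this function.
    // nonReentrant rejects any nested call into a guarded function.
    function collectPresent() external nonReentrant {
        // Checks: reject a caller who has already collected.
        if (s_collected[msg.sender]) revert AlreadyCollected();

        // Effects: record the claim and reserve the token id before any
        // external call, so a re-entrant call would see updated state
        // and revert on the check even without the guard.
        s_collected[msg.sender] = true;
        uint256 tokenId = s_tokenCounter++;

        // Interactions: the only external call comes last.
        _safeMint(msg.sender, tokenId);
    }
}
```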

Updates

Lead Judging Commences

inallhonesty Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Too generic
