The checks-effects-interactions (CEI) pattern is not respected in the mintRapper() function, allowing an attacker to mint several tokens with better default attributes.
Actors:
Attacker: the malicious minter.
Protocol: The SantasList contract itself.
Exploit Scenario:
Initial State: The protocol is already deployed and users are calling the mintRapper() function.
Step 1: The Attacker deploys a malicious contract that calls mintRapper() and performs a reentrant call from inside its onERC721Received callback, which the contract has to implement anyway in order to receive the NFTs via _safeMint().
Outcome: The Attacker ends up with attributes worth 3 days of staking (without the credTokens, of course): RapperStats({weakKnees: false, heavyArms: false, spaghettiSweater: false, calmAndReady: false, battlesWon: 0}).
The Attacker has street experience without ever hitting the street; they can mint several such NFTs and enter them in rap battles.
Manual analysis
Make the following change, writing the token's stats (the effect) before _safeMint() hands control to the receiver (the interaction):
    function mintRapper() public {
        uint256 tokenId = _nextTokenId++;
        // Effect first: initialize metadata for the minted token before any external call
        rapperStats[tokenId] =
            RapperStats({weakKnees: true, heavyArms: true, spaghettiSweater: true, calmAndReady: false, battlesWon: 0});
        // Interaction last: _safeMint invokes onERC721Received on contract receivers
        _safeMint(msg.sender, tokenId);
    }
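As an added Foundry regression test for this fix (not part of the original finding or of the audited code base): a constructed stand-in NFT carries the CEI-ordered mintRapper() shown above, and a receiver contract reads the token's stats from inside onERC721Received, which is exactly where a reentrant caller would observe them. The contract name FixedRapper and the getRapperStats() getter are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

struct RapperStats { bool weakKnees; bool heavyArms; bool spaghettiSweater; bool calmAndReady; uint256 battlesWon; }

// Constructed stand-in for the audited NFT (name and getter are assumptions),
// carrying the CEI-ordered mintRapper() from the recommended fix.
contract FixedRapper is ERC721 {
    uint256 private _nextTokenId;
    mapping(uint256 => RapperStats) private _stats;
    constructor() ERC721("Rapper", "RAP") {}

    function mintRapper() public {
        uint256 tokenId = _nextTokenId++;
        // Effect first: defaults are in storage before any external call.
        _stats[tokenId] = RapperStats({weakKnees: true, heavyArms: true, spaghettiSweater: true, calmAndReady: false, battlesWon: 0});
        // Interaction last: _safeMint calls onERC721Received on contract receivers.
        _safeMint(msg.sender, tokenId);
    }

    function getRapperStats(uint256 tokenId) external view returns (RapperStats memory) { return _stats[tokenId]; }
}

// Receiver that snapshots the stats inside onERC721Received, i.e. at the exact
// point where a reentrant caller would observe them.
contract StatsProbe is IERC721Receiver {
    FixedRapper public immutable rapper;
    bool public weakKneesAtCallback;
    constructor(FixedRapper r) { rapper = r; }
    function mint() external { rapper.mintRapper(); }

    function onERC721Received(address, address, uint256 tokenId, bytes calldata) external override returns (bytes4) {
        weakKneesAtCallback = rapper.getRapperStats(tokenId).weakKnees;
        return IERC721Receiver.onERC721Received.selector;
    }
}

contract MintRapperCeiTest is Test {
    function test_statsWrittenBeforeCallback() public {
        FixedRapper rapper = new FixedRapper();
        StatsProbe probe = new StatsProbe(rapper);
        probe.mint();
        assertTrue(probe.weakKneesAtCallback(), "stats must be set before _safeMint hands control to the receiver");
    }
}
```

With the original ordering (_safeMint before the stats assignment) the probe sees the zeroed default struct and the assertion fails, so the test doubles as a check that the fix is actually applied.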