Submission Details
Severity: default
Invalid

Not So Safe `Minting`, despite `Reentrancy` being handled and `locked`.

Summary

The public functions `Soulmate::mintSoulmateToken` and `LoveToken::initVault` use the `_mint` function to mint the NFTs and ERC20s. Regardless of this, Reentrancy is being handled and locked by the private state mapping variable `idToOwners`, through the state update `idToOwners[nextID][1] = msg.sender`, and by the check `msg.sender == airdropVault`.

```solidity
function mintSoulmateToken() public returns (uint256) {
    // Check if people already have a soulmate, which means already have a token
    address soulmate = soulmateOf[msg.sender];
    if (soulmate != address(0)) {
        revert Soulmate__alreadyHaveASoulmate(soulmate);
    }
    address soulmate1 = idToOwners[nextID][0];
    address soulmate2 = idToOwners[nextID][1];
    if (soulmate1 == address(0)) {
        idToOwners[nextID][0] = msg.sender;
        ownerToId[msg.sender] = nextID;
        emit SoulmateIsWaiting(msg.sender);
    } else if (soulmate2 == address(0)) {
        idToOwners[nextID][1] = msg.sender;
        // Once 2 soulmates are reunited, the token is minted
        ownerToId[msg.sender] = nextID;
        soulmateOf[msg.sender] = soulmate1;
        soulmateOf[soulmate1] = msg.sender;
        idToCreationTimestamp[nextID] = block.timestamp;
        emit SoulmateAreReunited(soulmate1, soulmate2, nextID);
        // ------------
        // ------    ||
        // ---       \/
@>      _mint(msg.sender, nextID++); // info - not so safe minting
    }
    return ownerToId[msg.sender];
}
```

Vulnerability Details

None

Impact

An unfortunate Reentrancy issue may arise unexpectedly.

Tools Used

Manual Review

Recommendations

Use OpenZeppelin's library for all ERC721 & ERC20 interactions.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
