Check-Effects-Interactions Missing in mintRamNFT Function Leading to Reentrancy Attack Vulnerability
Summary
The mintRamNFT function in the Dussehra protocol is vulnerable to reentrancy attacks due to the missing check-effects-interactions pattern. An attacker could exploit this vulnerability to manipulate the tokenCounter, mint multiple tokens for the same ID, and potentially double-spend tokens, leading to significant disruptions and loss of NFTs.
Vulnerability Details
The mintRamNFT function in the Dussehra protocol mints a new NFT and assigns it to a specified address. However, the function is missing the check-effects-interactions pattern, which can lead to potential reentrancy attacks. Here is the original function:
The function increments the tokenCounter and mints a new token before updating the Characteristics mapping. If the _safeMint function makes an external call (e.g., to the recipient's contract), an attacker could exploit this by reentering the function before the state update is completed.
Impact
An attacker could exploit this vulnerability to manipulate the tokenCounter, mint multiple tokens for the same ID and potentially double-spend tokens, leading to significant disruptions and loss of NFTs.
Tools Used
Manual review
Recommendations
Implement Check-Effects-Interactions Pattern:
Update the state variables before making any external calls to prevent reentrancy attacks.
Lead Judging Commences
Invalid - reentrancy in safeMint
The problem is that the `mintRamNFT` function is public and anyone can call it, not that the function uses `_safeMint`.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.