Beginner Friendly / Foundry / NFT
Submission Details
Severity: low
Invalid

Identifying and Mitigating Reentrancy Vulnerabilities in the RamNFT Smart Contract

Summary

The _safeMint function can potentially call an external contract if the recipient is a smart contract. This external call could lead to a reentrancy attack if the called contract calls back into the mintRamNFT function before the Characteristics mapping is updated.

Vulnerability Details

The _safeMint function in the mintRamNFT implementation can potentially call an external contract if the recipient is a smart contract. When _safeMint is executed, it triggers a safeTransfer call, which includes a callback to the recipient contract's onERC721Received function. If the recipient contract is malicious, it can exploit this callback to re-enter the mintRamNFT function before the Characteristics mapping is updated.

Impact

If _safeMint or any subsequent operation in mintRamNFT calls an external contract or allows external code to execute, an attacker could write a malicious contract that re-enters mintRamNFT during the execution, causing the tokenCounter to increment multiple times within a single transaction.

Tools Used

Manual testing

Recommendations

Reorder the statements in the mintRamNFT function so that the Characteristics mapping is updated before _safeMint is called.

```solidity
function mintRamNFT(address to) public {
    uint256 newTokenId = tokenCounter++;

    // Effects first: the Characteristics entry is written before any external call,
    // so a callback from the recipient sees consistent storage.
    Characteristics[newTokenId] = CharacteristicsOfRam({
        ram: to,
        isJitaKrodhah: false,
        isDhyutimaan: false,
        isVidvaan: false,
        isAatmavan: false,
        isSatyavaakyah: false
    });

    // Interaction last: _safeMint may call onERC721Received on a contract recipient.
    _safeMint(to, newTokenId);
}
```

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Invalid - reentrancy in safeMint

The problem is that the `mintRamNFT` function is public and anyone can call it, not that the function uses `_safeMint`.
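As an added illustration (not the contest's RamNFT contract or the judge's code), the version below keeps the submission's effects-before-interaction ordering and adds the two controls the discussion points at: an access restriction on the public mint function, which the judge's note identifies as the actual problem, and a reentrancy guard on the `_safeMint` callback path. The base contracts are OpenZeppelin's (v5 import paths assumed), and restricting minting to the contract owner is an illustrative choice, not something the contest specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Added example, not the audited contract. Struct fields follow the submission's
// recommended code; owner-only minting is an assumed policy for illustration.
contract RamNFTExample is ERC721, Ownable, ReentrancyGuard {
    struct CharacteristicsOfRam {
        address ram;
        bool isJitaKrodhah;
        bool isDhyutimaan;
        bool isVidvaan;
        bool isAatmavan;
        bool isSatyavaakyah;
    }

    uint256 public tokenCounter;
    mapping(uint256 => CharacteristicsOfRam) public Characteristics;

    constructor() ERC721("RamNFT", "RAM") Ownable(msg.sender) {}

    // Checks: only the designated minter (here the owner) may call this. This is the
    // gap the judge's note describes; no reordering of statements closes it.
    // Effects: tokenCounter and Characteristics are written before any external call.
    // Interactions: _safeMint runs last. Its onERC721Received callback to a contract
    // recipient now observes fully updated storage, and nonReentrant reverts any
    // attempt to call back into mintRamNFT from within that callback.
    function mintRamNFT(address to) external onlyOwner nonReentrant {
        uint256 newTokenId = tokenCounter++;
        Characteristics[newTokenId] = CharacteristicsOfRam({
            ram: to,
            isJitaKrodhah: false,
            isDhyutimaan: false,
            isVidvaan: false,
            isAatmavan: false,
            isSatyavaakyah: false
        });
        _safeMint(to, newTokenId);
    }
}
```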
