The _safeMint function can potentially call an external contract if the recipient is a smart contract. This external call could lead to a reentrancy attack if the called contract calls back into the mintRamNFT function before the Characteristics mapping is updated.
The _safeMint function in the mintRamNFT implementation can potentially call an external contract if the recipient is a smart contract. When _safeMint is executed, it triggers a safeTransfer call, which includes a callback to the recipient contract's onERC721Received function. If the recipient contract is malicious, it can exploit this callback to re-enter the mintRamNFT function before the Characteristics mapping is updated.
If _safeMint or any subsequent operation in mintRamNFT calls an external contract or allows external code to execute, an attacker could write a malicious contract that re-enters mintRamNFT during the execution, causing the tokenCounter to increment multiple times within a single transaction.
manual testing
Reorder the statements in the mintRamNFT function so that the Characteristics mapping is updated before _safeMint is called.
function mintRamNFT(address to) public {
uint256 newTokenId = tokenCounter++;
Characteristics[newTokenId] = CharacteristicsOfRam({
ram: to,
isJitaKrodhah: false,
isDhyutimaan: false,
isVidvaan: false,
isAatmavan: false,
isSatyavaakyah: false
});
_safeMint(to, newTokenId);
}
The problem is that the `mintRamNFT` function is public and anyone can call it, not that the function uses `_safeMint`.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.