Reentrancy Vulnerability in the `donate` Function
Root Cause and Impact
-
Root Cause: The
donatefunction violates the Checks-Effects-Interactions (CEI) pattern by making an external call before updating internal state. -
Impact: A malicious charity contract could exploit this to perform a reentrancy attack, potentially causing multiple unintended token mints or disrupting the donation process.
Vulnerability Details
-
donateFunction Code:function donate(address charity) public payable {require(registry.isVerified(charity), "Charity not verified");(bool sent,) = charity.call{value: msg.value}("");require(sent, "Failed to send Ether");_mint(msg.sender, tokenCounter);// ...}Issue: External call to
charity.calloccurs before_mint.Consequence: If
charityis a malicious contract, it could re-enter thedonatefunction.
Recommendations
-
Reorder Operations Following CEI Pattern:
function donate(address charity) public payable {require(registry.isVerified(charity), "Charity not verified");_mint(msg.sender, tokenCounter);// Update token URI and counter// ...(bool sent,) = charity.call{value: msg.value}("");require(sent, "Failed to send Ether");} -
Use Reentrancy Guards:
-
Implement OpenZeppelin's
ReentrancyGuard:contract GivingThanks is ERC721URIStorage, ReentrancyGuard {// ...function donate(address charity) public payable nonReentrant {// Function code}}
-
-
Validate the
charityAddress:Ensure
charityis not a contract with fallback functions that could exploit reentrancy.
Lead Judging Commences
finding-donate-reentrancy-multiple-NFT-minted
Impact: High, one charity can reenter the donate function with the same ETH provided and mint several NFT. Likelyhood: Low, any malicious charity can do it but Admin is trusted and should verify the charity contract before "verifying" it.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.