DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

NFT contract doesn't follow CEI pattern

epintos

Summary

The SoulboundProfileNFT doesn't follow the CEI pattern.

Vulnerability Details

mintProfile, burnProfile and blockProfile don't follow the CEI pattern. In this particular case, there is no re-entrancy vulnerability because _safeMint and burn don't make external calls. For clarity and to prevent future security risks, it is adviced to move the call to these functions after modifying states.

Impact

There is no impact with the current contract implementation, but not following the CEI pattern could cause future errors and makes it harder to maintain.

Tools Used

  • Manual Review

Recommendations

Implement the following changes:

_profiles[tokenId] = Profile(name, age, profileImage);
profileToToken[msg.sender] = tokenId;
_safeMint(msg.sender, tokenId);
delete profileToToken[msg.sender];
delete _profiles[tokenId];
_burn(tokenId);
delete profileToToken[blockAddress];
delete _profiles[tokenId];
_burn(tokenId);
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.