DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: medium
Valid

Potential reentrancy risk in `SoulboundProfileNFT::mintProfile`

Description: `SoulboundProfileNFT::mintProfile` performs a `_safeMint` operation before updating the contract's internal state variables. The `_safeMint` function from OpenZeppelin's ERC721 implementation invokes `_checkOnERC721Received`, which allows a receiving contract to execute arbitrary logic via the `onERC721Received` callback. If `msg.sender` is a malicious smart contract, it could attempt to re-enter `SoulboundProfileNFT::mintProfile` before the state variables are updated.

Recommended Mitigation: Reorder the state updates to occur before calling `_safeMint`. This ensures that critical data is set before any external interaction. Although no immediate exploit exists, following the principle of "Checks-Effects-Interactions" enhances the contract's resilience against potential attacks.

function mintProfile(string memory name, uint8 age, string memory profileImage) external {
require(profileToToken[msg.sender] == 0, "Profile already exists");
uint256 tokenId = ++_nextTokenId;
- _safeMint(msg.sender, tokenId);
// Store metadata on-chain
_profiles[tokenId] = Profile(name, age, profileImage);
profileToToken[msg.sender] = tokenId;
+ _safeMint(msg.sender, tokenId);
emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
}
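Review bot: The `emit ProfileMinted(...)` line still runs after `_safeMint`, so the event is logged only once the external `onERC721Received` callback has returned; moving the emit above `_safeMint`, next to the two state writes, would complete the Checks-Effects-Interactions ordering and keep log order predictable if the receiver makes nested calls. With `profileToToken[msg.sender] = tokenId` now written before the callback, a re-entrant call fails the `require(profileToToken[msg.sender] == 0, ...)` check, and a regression test using a receiver contract that calls `mintProfile` from its callback should assert that revert.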
Updates

Appeal created

n0kto Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_mintProfile_reentrancy

Likelihood: High, anyone can do it. Impact: Low, several profiles will be minted, which is not allowed by the protocol, but only the last one will be stored in `profileToToken` and won't affect `likeUser` or `matchRewards`.
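The two orderings from the finding, as an added Python model of the control flow (not the contest's Solidity and not code from the submission). `ProfileModel`, `ReenteringReceiver` and `run` are constructed names that mimic only `mintProfile`, the `onERC721Received` callback and the `profileToToken` check.

```python
class Revert(Exception):
    """Models an EVM revert."""

class ProfileModel:
    """Constructed model of the mint flow (not the project's Solidity)."""
    def __init__(self, effects_first):
        self.effects_first = effects_first  # True = reordered version
        self.next_token_id = 0
        self.profile_to_token = {}  # address -> tokenId, missing means 0
        self.owner_of = {}          # tokenId -> address
        self.profiles = {}          # tokenId -> metadata

    def _safe_mint(self, to, token_id):
        self.owner_of[token_id] = to
        hook = getattr(to, "on_erc721_received", None)
        if hook:  # contract recipients receive the callback
            hook(self, token_id)

    def mint_profile(self, sender, name):
        if self.profile_to_token.get(sender, 0) != 0:
            raise Revert("Profile already exists")
        self.next_token_id += 1
        token_id = self.next_token_id
        if not self.effects_first:
            self._safe_mint(sender, token_id)  # interaction before effects
        self.profiles[token_id] = name
        self.profile_to_token[sender] = token_id
        if self.effects_first:
            self._safe_mint(sender, token_id)  # interaction after effects

class ReenteringReceiver:
    """Constructed recipient that calls mint_profile again from the callback."""
    def __init__(self):
        self.entered = False
        self.reentry_reverted = False

    def on_erc721_received(self, nft, token_id):
        if self.entered:
            return
        self.entered = True
        try:
            nft.mint_profile(self, "second")
        except Revert:  # nested call failed its require before any state write
            self.reentry_reverted = True

def run(effects_first):
    """Return (token ids owned, profile_to_token entry, re-entry reverted?)."""
    nft, who = ProfileModel(effects_first), ReenteringReceiver()
    nft.mint_profile(who, "first")
    owned = sorted(t for t, o in nft.owner_of.items() if o is who)
    return owned, nft.profile_to_token[who], who.reentry_reverted
```

`run(False)` models the original ordering and `run(True)` the reordered one; comparing the owned token list against the single `profile_to_token` entry is the invariant a contract-level test would check.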
