Summary: In the contract SoulboundProfileNFT.sol, the state variable profileToToken[msg.sender] is updated only after the function _safeMint() makes an external call. During that call profileToToken[msg.sender] is still 0, allowing the attacker to mint multiple profiles.
Impact: An attacker could mint multiple profiles instead of just one.
Recommended Mitigation: To prevent this, follow the Checks-Effects-Interactions (CEI) pattern. Update the profileToToken mapping before calling _safeMint, as shown below:
```solidity
function mintProfile(string memory name, uint8 age, string memory profileImage) external {
    require(profileToToken[msg.sender] == 0, "Profile already exists");
    // Effects: set profileToToken[msg.sender] here, before the _safeMint interaction.
}
```
Likelihood: High, anyone can do it. Impact: Low, several profiles will be minted, which is not allowed by the protocol, but only the last one will be stored in profileToToken and won't affect `likeUser` or `matchRewards`.
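
A complete CEI-ordered mint function, as an added example and not the audited contract's own code. It assumes OpenZeppelin's ERC721 as the base; the contract name, the `_nextTokenId` counter, the `Profile` struct and the `_profiles` mapping are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Minimal stand-in for the profile contract (illustration only).
contract ProfileMintCEI is ERC721 {
    // Hypothetical storage layout; names are assumptions, not the project's.
    struct Profile {
        string name;
        uint8 age;
        string profileImage;
    }

    // Token ids start at 1, so 0 in profileToToken means "no profile yet".
    uint256 private _nextTokenId;
    mapping(address => uint256) public profileToToken;
    mapping(uint256 => Profile) private _profiles;

    constructor() ERC721("Profile", "PRF") {}

    function mintProfile(string memory name, uint8 age, string memory profileImage) external {
        // Checks: one profile per address.
        require(profileToToken[msg.sender] == 0, "Profile already exists");

        // Effects: every state write happens before any external call.
        uint256 tokenId = ++_nextTokenId;
        profileToToken[msg.sender] = tokenId;
        _profiles[tokenId] = Profile(name, age, profileImage);

        // Interactions: _safeMint invokes onERC721Received when msg.sender is a
        // contract. If that callback calls mintProfile again, the require above
        // now sees a non-zero profileToToken[msg.sender] and reverts.
        _safeMint(msg.sender, tokenId);
    }
}
```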