Reentrancy Vulnerabilities in SoulboundProfileNFT.mintProfile
Root Cause:
ThemintProfilefunction performs an external call via_safeMint(which may trigger a callback on the recipient) before updating internal state variables (such as recording the token ID inprofileToTokenand storing profile metadata). This violates the Checks–Effects–Interactions pattern.Impact:
A malicious receiver contract could exploit the reentrancy possibility to call back intomintProfile(or other functions likeburnProfile/blockProfile) before state changes are finalized. This might lead to inconsistent states or unintended multiple profile creations.Recommendation:
Restructure the function to update all internal state (effects) before performing any external calls (interactions). Alternatively, add a reentrancy guard (using a modifier like OpenZeppelin’snonReentrant) to protect the function against recursive calls.
Appeal created
finding_mintProfile_reentrancy
Likelihood: High, anyone can do it. Impact: Low, several profile will be minted, which is not allowed by the protocol, but only the last one will be stored in profileToToken and won't affect `likeUser` or `matchRewards`.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.