Eggstravaganza

First Flight #37
Beginner Friendly · Solidity
100 EXP
Submission Details
Severity: medium
Invalid

Potential Reentrancy in function mintEgg()

Summary

Vulnerability Details

function mintEgg(address to, uint256 tokenId) external returns (bool) {
    require(msg.sender == gameContract, "Unauthorized minter");
    _mint(to, tokenId); // External call if `to` is a contract
    totalSupply += 1; // State updated after the external call ❗
    return true;
}

If the to address is a contract, _mint() may invoke:

IERC721Receiver(to).onERC721Received(...)

A malicious contract could reenter and call back into the mintEgg() logic or other vulnerable functions (especially if this contract is later expanded).

Impact

The mintEgg() function calls OpenZeppelin’s _mint(), which triggers onERC721Received() if the recipient (to) is a smart contract. This callback occurs before updating the totalSupply, potentially opening up the function to reentrancy-based state inconsistencies if future logic is added after _mint() or if totalSupply is relied on in security-critical contexts.

Tools Used

Recommendations

Use OpenZeppelin's ReentrancyGuard and add the nonReentrant modifier to mintEgg():

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract EggstravaganzaNFT is ERC721, Ownable, ReentrancyGuard {
    ...
    function mintEgg(address to, uint256 tokenId) external nonReentrant returns (bool) {
        require(msg.sender == gameContract, "Unauthorized minter");
        _mint(to, tokenId);
        totalSupply += 1;
        return true;
    }
}
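As an added illustration (not code from this submission or from the Eggstravaganza project), the hardened version below applies checks-effects-interactions in addition to the guard, and a Foundry test registers a hypothetical receiver as the authorized minter and confirms that a second mintEgg() call made from inside onERC721Received() is rejected. It assumes the mint path actually performs the receiver callback, which is the case for OpenZeppelin's _safeMint(), and assumes OpenZeppelin v5 import paths (the guard lives under security/ in v4); contract and test names are invented.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {Test} from "forge-std/Test.sol";

// Hypothetical hardened minter: effects before interactions, with the guard as defense in depth.
contract HardenedEggNFT is ERC721, ReentrancyGuard {
    address public immutable gameContract;
    uint256 public totalSupply;

    constructor(address game) ERC721("Egg", "EGG") { gameContract = game; }

    function mintEgg(address to, uint256 tokenId) external nonReentrant returns (bool) {
        require(msg.sender == gameContract, "Unauthorized minter");
        totalSupply += 1;        // effect first: supply is already correct when any callback runs
        _safeMint(to, tokenId);  // interaction last: this path invokes onERC721Received on contracts
        return true;
    }
}

// Hypothetical receiver configured as the authorized minter; it calls mintEgg again from the callback.
contract ReenteringMinter is IERC721Receiver {
    HardenedEggNFT public nft;
    bool public reentryBlocked;

    function setNft(HardenedEggNFT n) external { nft = n; }
    function mint(uint256 tokenId) external { nft.mintEgg(address(this), tokenId); }

    function onERC721Received(address, address, uint256 tokenId, bytes calldata) external returns (bytes4) {
        // The nested call passes the sender check (we are gameContract), so only the guard can stop it.
        try nft.mintEgg(address(this), tokenId + 1) {} catch { reentryBlocked = true; }
        return IERC721Receiver.onERC721Received.selector;
    }
}

contract MintEggReentrancyTest is Test {
    function test_reentryDuringCallbackIsBlocked() public {
        ReenteringMinter minter = new ReenteringMinter();
        HardenedEggNFT nft = new HardenedEggNFT(address(minter));
        minter.setNft(nft);

        minter.mint(1);

        assertTrue(minter.reentryBlocked());   // nonReentrant reverted the nested call
        assertEq(nft.totalSupply(), 1);        // only the outer mint was counted
        assertEq(nft.ownerOf(1), address(minter));
        vm.expectRevert();
        nft.ownerOf(2);                        // the nested mint never took effect
    }
}
```

Run with `forge test --match-contract MintEggReentrancyTest`; with the original ordering (_mint before totalSupply += 1) and no guard, the same test would show totalSupply lagging behind the tokens already minted at the moment the callback executes.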
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
