Submission Details
Impact:
Likelihood:
Reentrancy Vulnerability
Summary
The mintSnowman function in the Snowman contract contains a critical reentrancy vulnerability
Description
Reentrancy Vulnerability in
mintSnowman()Allows Unauthorized Token Minting
function mintSnowman(address receiver, uint256 amount) external {
for (uint256 i = 0; i < amount; i++) {
@> _safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
Problem:
1.Dangerous external call _safeMint(receiver, s_TokenCounter);
2.Dont have nonReentrant modifier
Impact:
1.Single transaction can mint N tokens while paying for only 1
2.Token counter becomes inconsistent (s_TokenCounter increases but token IDs duplicated)
3.Potential theft of funds if minting involves payments
Proof of Concept
Recommended Mitigation
- function mintSnowman(address receiver, uint256 amount) external {
+ function mintSnowman(address receiver, uint256 amount) external nonReentrant {
for (uint256 i = 0; i < amount; i++) {
- _safeMint(receiver, s_TokenCounter);
+ s_TokenCounter++;
- emit SnowmanMinted(receiver, s_TokenCounter);
- s_TokenCounter++;
+ _safeMint(receiver, s_TokenCounter);
+ emit SnowmanMinted(receiver, s_TokenCounter);
}
}
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.