BidBeasts_NFT_ERC721.sol::mint updates CurrentTokenID after the external call, making the function susceptible to future re-entrancy attacks if the onlyOwner restriction is ever removed

Normal behaviour: CurrentTokenID in BidBeasts_NFT_ERC721.sol::mint should be incremented before the _safeMint external call so that the function follows the Checks-Effects-Interactions (CEI) pattern. The function is currently not re-enterable because of the onlyOwner access control modifier.
Problematic behaviour: If the access control is changed in the future and the onlyOwner modifier is removed, the function becomes re-entrant: _safeMint hands control to the recipient (through onERC721Received when the recipient is a contract) before CurrentTokenID is updated. To guard the function against future attacks, the CEI pattern should be followed.
Root cause: CurrentTokenID++ is executed after the _safeMint external call in BidBeasts_NFT_ERC721.sol::mint, so the state update (effect) follows the external interaction instead of preceding it. The function relies solely on the onlyOwner modifier for re-entrancy safety rather than on the CEI pattern.
Likelihood: Low
There is currently no attack vector as the function is guarded by the onlyOwner modifier.
Impact: Low
The function will only become vulnerable if the onlyOwner modifier is removed as it does not follow the CEI pattern.
As the function is currently non-reentrant, this is merely a suggestion to follow best practices.
Recommended mitigation: To follow defence-in-depth best practice and guard mint() against a future re-entrancy attack in case the onlyOwner restriction is relaxed, follow the Checks-Effects-Interactions pattern: move the state update CurrentTokenID++; before the _safeMint external call.
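As an added illustration (not the audited contract's code), the two orderings side by side. The mint() signature, the ERC721/Ownable constructor arguments, the OpenZeppelin 5.x imports and the exact storage declaration of CurrentTokenID are assumptions; only the relative order of CurrentTokenID++ and _safeMint is the point.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts 5.x (Ownable takes the initial owner).
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

// Illustrative only: mint() signature, constructor arguments and the
// storage declaration of CurrentTokenID are assumptions, not the
// audited BidBeasts_NFT_ERC721.sol.
contract MintOrderingBefore is ERC721, Ownable {
    uint256 public CurrentTokenID;

    constructor() ERC721("BidBeasts", "BB") Ownable(msg.sender) {}

    // Current ordering: Interaction before Effect.
    // _safeMint calls IERC721Receiver.onERC721Received on `to` when `to`
    // is a contract, so control leaves this contract before the counter
    // is advanced. Only onlyOwner stands between that callback and a
    // re-entrant mint() call.
    function mint(address to) external onlyOwner {
        _safeMint(to, CurrentTokenID); // interaction (callback into `to`)
        CurrentTokenID++;              // effect applied after the callback
    }
}

contract MintOrderingAfter is ERC721, Ownable {
    uint256 public CurrentTokenID;

    constructor() ERC721("BidBeasts", "BB") Ownable(msg.sender) {}

    // CEI ordering: the counter is advanced before control can leave the
    // contract, so a re-entrant call observes the updated state even if
    // the onlyOwner restriction is later relaxed.
    function mint(address to) external onlyOwner {
        uint256 tokenId = CurrentTokenID; // check: read the id to mint
        CurrentTokenID++;                 // effect: advance the counter first
        _safeMint(to, tokenId);           // interaction: external call last
    }
}
```

The re-entrancy point is the onERC721Received callback inside _safeMint; in the second contract every storage write that mint() performs has already happened when that callback runs, which is what makes the CEI ordering a defence-in-depth measure independent of the access control modifier.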