Submission Details
Impact:
Likelihood:
# [H-2] Reenterancy within `Snowman::mintSnowman` function, mint nft to contract receiver could trigger a external call, makes user can mint more nfts than specific amount
[H-2] Reenterancy within Snowman::mintSnowman function, mint nft to contract receiver could trigger a external call, makes user can mint more nfts than specific amount
Description
Reenterancy within
Snowman::mintSnowmanfunction, mint nft to contract receiver could trigger a external call, makes user can mint more nfts than the specific amount.
function mintSnowman(address receiver, uint256 amount) external {
for (uint256 i = 0; i < amount; i++) {
@> _safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
Risk
Likelihood: High
User just need prepare a contract as nft receiver, within which
onERC721Receivedfunction call back to theSnowman::mintSnowmanfunction again.
Impact: High
User can mint more nfts than the specific amount!!!
Proof of Concept
Recommended Mitigation
Add nonReenterant modifier to function Snowman::mintSnowman to prevent re-enter of function.
- function mintSnowman(address receiver, uint256 amount) external {
+ function mintSnowman(address receiver, uint256 amount) external nonReenterant {
for (uint256 i = 0; i < amount; i++) {
_safeMint(receiver, s_TokenCounter);
emit SnowmanMinted(receiver, s_TokenCounter);
s_TokenCounter++;
}
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.