The swapTo function in the NFTXVaultUpgradeable contract should use the modifier nonReentrant to prevent reentrancy, which could happen when a user receives an NFT and calls the swapTo function again in the onERC721Received or onERC1155Received functions he implemented.
Proof of Concept
Both the mintTo, redeemTo includes a nonReentrant modifier to prevent reentrancy, while the function swapTo does not. Currently, the modifier is applied in the swap function instead of swapTo.
cemozerr
commented
3 years ago
Handle
shw
Vulnerability details
Impact
The
swapTofunction in theNFTXVaultUpgradeablecontract should use the modifiernonReentrantto prevent reentrancy, which could happen when a user receives an NFT and calls theswapTofunction again in theonERC721ReceivedoronERC1155Receivedfunctions he implemented.Proof of Concept
Both the
mintTo,redeemToincludes anonReentrantmodifier to prevent reentrancy, while the functionswapTodoes not. Currently, the modifier is applied in theswapfunction instead ofswapTo.Referenced code: NFTXVaultUpgradeable.sol#L259-L289
Tools Used
None
Recommended Mitigation Steps
Move the
nonReentrantmodifier fromswaptoswapTo.