Handle
pedroais
Vulnerability details
Impact
Unsafe reentrancy door
Proof of Concept
The execute function in the SherBuy contract calls the initial stake function in Sherlock.sol: https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/SherBuy.sol#L168
The initial stake function then mints an NFT using _safeMint:
https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/Sherlock.sol#L558
This minting function is unsafe to use without a reentrancy guard, since it makes an external call (onERC721Received) to the receiving contract, which can be any arbitrary contract.
That receiver can then reenter any function of the protocol, since no reentrancy guard is in place.
Blog post about the dangers of using _safeMint : https://www.paradigm.xyz/2021/08/the-dangers-of-surprising-code/
Recommended Mitigation Steps
Add a reentrancy guard or use _mint instead of _safeMint.
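Both mitigations side by side, as an added illustration that is not the Sherlock code or part of the original finding. The contract, function names and the OpenZeppelin 4.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Assumes OpenZeppelin Contracts 4.x (ReentrancyGuard lives under security/).
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical staking-position NFT used only to demonstrate the two fixes.
contract StakeNFT is ERC721, ReentrancyGuard {
    uint256 private _nextId = 1;
    mapping(uint256 => uint256) public stakeOf;

    constructor() ERC721("Stake", "STK") {}

    // Pattern described in the finding: _safeMint with no guard. If msg.sender
    // is a contract, its onERC721Received hook runs here and may call back
    // into this contract before this function has returned.
    function stakeUnguarded() external payable returns (uint256 id) {
        id = _nextId++;
        stakeOf[id] = msg.value;
        _safeMint(msg.sender, id);
    }

    // Fix 1: keep _safeMint (receiver hook still runs) but block reentry with
    // nonReentrant, and write all state before the external call
    // (checks-effects-interactions). Every other state-changing function of
    // the protocol must carry nonReentrant too, or the hook can still reenter
    // those functions.
    function stakeGuarded() external payable nonReentrant returns (uint256 id) {
        id = _nextId++;
        stakeOf[id] = msg.value;   // effects first
        _safeMint(msg.sender, id); // interaction last
    }

    // Fix 2: _mint performs no callback, so there is no external call and
    // nothing for a receiving contract to hook into. The trade-off is that
    // tokens can be minted to contracts that cannot handle ERC721.
    function stakePlain() external payable returns (uint256 id) {
        id = _nextId++;
        stakeOf[id] = msg.value;
        _mint(msg.sender, id);
    }
}
```

With either fix in place, the receiver hook can no longer change protocol state mid-call; a guard on the minting function alone is not sufficient when other functions remain unguarded.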