code-423n4 / 2023-01-drips-findings


It is possible Reentrancy in `safeMint` function #157

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L79

Vulnerability details

Impact

In NFTDriver.sol, the safeMint() function has a reentrancy vulnerability. When writing or interacting with callback functions in Solidity, it's important to ensure that they can't be used to perform unexpected effects. _safeMint is a callback function; the recipient contract may define any arbitrary logic to be executed, including reentering the initial mint function, thereby bypassing limits defined in the contract code.

Proof of Concept

```solidity
function safeMint(address to, UserMetadata[] calldata userMetadata)
    public
    whenNotPaused
    returns (uint256 tokenId)
{
    tokenId = _registerTokenId();
    _safeMint(to, tokenId);
    if (userMetadata.length > 0) dripsHub.emitUserMetadata(tokenId, userMetadata);
}
```

Tools Used

Manual Review

Recommended Mitigation Steps

Add nonReentrant modifier to safeMint() function.

GalloDaSballo commented 1 year ago

Invalid, as the call after has no storage changes; it just emits events. This is a false positive in the absence of any additional info.

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid
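
The triage question in this thread, as an added example that is not part of the issue or the Drips code base: a toy Python model comparing a mint that writes all its state before the recipient hook (the shape of the reported `safeMint`, assuming `_registerTokenId` commits its counter before the call) with a hypothetical mint that updates a cap counter only after the hook returns. All class and function names are invented for the model.

```python
# Added example: toy Python model, not Solidity and not Drips code.
class EffectsFirstMinter:
    """Shape of the reported safeMint, assuming _registerTokenId commits the
    id counter before _safeMint fires the recipient hook."""
    def __init__(self):
        self.next_id, self.owner_of, self.events = 0, {}, []

    def safe_mint(self, to, on_received=None):
        token_id = self.next_id            # reserve the id
        self.next_id += 1                  # storage write before the external call
        self.owner_of[token_id] = to       # ownership recorded before the hook
        if on_received:
            on_received(self)              # recipient hook: re-entry possible here
        self.events.append(token_id)       # after the call: event only, no storage
        return token_id


class LateWriteMinter:
    """Hypothetical contrast: a per-recipient cap whose counter is written
    only after the hook returns."""
    CAP = 1

    def __init__(self):
        self.next_id, self.minted = 0, {}

    def safe_mint(self, to, on_received=None):
        if self.minted.get(to, 0) >= self.CAP:   # check sees stale state on re-entry
            raise PermissionError("cap reached")
        token_id = self.next_id
        self.next_id += 1
        if on_received:
            on_received(self)
        self.minted[to] = self.minted.get(to, 0) + 1   # write after external call
        return token_id


def reenter_once(to):
    """Recipient hook (constructed for the model) that mints again exactly once."""
    fired = []
    def hook(minter):
        if not fired:
            fired.append(True)
            minter.safe_mint(to, hook)
    return hook


def run(minter_cls, to="recipient"):
    """Mint once with a re-entering recipient and return the resulting minter."""
    m = minter_cls()
    m.safe_mint(to, reenter_once(to))
    return m
```

In the first class, re-entry leaves the same storage as two sequential mints and only the event order differs; in the second, the cap of 1 ends at 2 mints, which is the case a `nonReentrant` modifier or writing state before the external call addresses.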