search

code-423n4 / 2023-01-drips-findings

0 stars 2 forks source link

Lack of `nonReentrant` modifier when using `_safeMint` function #284

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L85

Vulnerability details

Impact

The _safeMint function implementation can allow a contract to reenter the the calling contract.

Proof of Concept

the safeMint function can be reentered through the _safeMint function.

function safeMint(address to, UserMetadata[] calldata userMetadata)
        public
        whenNotPaused
        returns (uint256 tokenId)
    {
        tokenId = _registerTokenId();
        _safeMint(to, tokenId);
        if (userMetadata.length > 0) dripsHub.emitUserMetadata(tokenId, userMetadata);
    }

Tools Used

Manual review

Recommended Mitigation Steps

Consider adding nonRentrant modifier from openzeppelin to the safeMint function

GalloDaSballo commented 1 year ago

The emitUserMetadata function just emits events

This submission is overly inflated, if you send us a non-CEI finding as High, you must prove a loss in the system, this doesn't

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Overinflated severity