Closed code423n4 closed 1 year ago
The emitUserMetadata function just emits events.
This submission is overly inflated. If you send us a non-CEI finding as High, you must prove a loss in the system; this doesn't.
GalloDaSballo marked the issue as unsatisfactory: Overinflated severity
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/main/src/NFTDriver.sol#L85
Vulnerability details
Impact
The _safeMint function implementation can allow a contract to reenter the calling contract.
Proof of Concept
The safeMint function can be reentered through the _safeMint function.
Tools Used
Manual review
Recommended Mitigation Steps
Consider adding the nonReentrant modifier from OpenZeppelin to the safeMint function.
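An added example, not part of the original report or the Drips code base: a hypothetical minter showing the two ways to make the `_safeMint` receiver callback harmless, either by ordering storage writes before the call (checks-effects-interactions) or by applying the `nonReentrant` modifier the report recommends. The contract name, functions, event and the OpenZeppelin Contracts v4.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumption: OpenZeppelin Contracts v4.x import paths.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical contract for illustration; not the Drips NFTDriver.
contract GuardedMinter is ERC721, ReentrancyGuard {
    uint256 private _nextId;
    mapping(address => uint256) public mintedBy;

    event Metadata(uint256 indexed tokenId, bytes32 key, bytes value);

    constructor() ERC721("Example", "EX") {}

    // Option 1: checks-effects-interactions.
    // Every storage write happens before _safeMint, which calls
    // onERC721Received on `to` when `to` is a contract. A nested call made
    // from that callback sees consistent state and simply mints the next id.
    function safeMintCEI(address to, bytes32 key, bytes calldata value)
        external
        returns (uint256 tokenId)
    {
        tokenId = _nextId++;                 // effect
        mintedBy[msg.sender] += 1;           // effect
        _safeMint(to, tokenId);              // interaction: external callback
        // Only an event follows the callback, so no storage depends on it.
        // Events of a nested mint are logged before this one.
        emit Metadata(tokenId, key, value);
    }

    // Option 2: the mitigation recommended in the report.
    // A call to any nonReentrant function made from inside the callback
    // reverts, whatever the statement order in this function.
    function safeMintGuarded(address to, bytes32 key, bytes calldata value)
        external
        nonReentrant
        returns (uint256 tokenId)
    {
        tokenId = _nextId++;
        _safeMint(to, tokenId);
        emit Metadata(tokenId, key, value);
    }
}
```

When reviewing a similar function, check whether any storage write or balance-dependent logic runs after `_safeMint`; if none does, the guard is defence in depth rather than a fix for a loss.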