doerfli
commented
1 month ago @rapidddenis follow the recommendation. Please delete the interceptor calls during NFT minting and remove (I)TransferInterceptor.nftMint
Closed JorgeAtPaladin closed 3 days ago
doerfli
commented
1 month ago @rapidddenis follow the recommendation. Please delete the interceptor calls during NFT minting and remove (I)TransferInterceptor.nftMint
matthiaszimmermann
commented
1 month ago fix together with #504
rapidddenis
commented
1 month ago Should the same consideration be taken for transfer callback / interception? But in this case interception is the must.
doerfli
commented
1 month ago Should the same consideration be taken for transfer callback / interception? But in this case interception is the must.
no, it relates only to minting.
https://github.com/etherisc/gif-next/blob/401ed87f073d09aaa7643a6a9fa76a9f195a6d82/contracts/registry/ChainNft.sol#L104
The
mintfunction within theChainNftuses_safeMint, this alternative to_mintcreates a reentrancy vector on the receiver whenever this receiver is a smart contract.Exploiters will always look for points in your code where such a mint is not the last operation in execution, and when it isn't, try to reenter in other points of the system to exploit it.
Potentially vulnerable spots include:
recommendation: The simplest solution is to simply not do the callback. This callback was introduced to avoid sending NFTs to eg. multisigs which didn't have the ability to transfer it again. I don't feel like that use case weights up to the refactoring challenges of making this mint reentrancy secure, which would be the actual solution. Hence simply removing the reentrancy altogether is the recommendation.