Missing nonreentrant check in Position Manager mint function
Summary
The mint function for poisition NFTs uses _safemint which can enable reentrancy
Vulnerability Detail
The _safeMint function from Openzepplin's ERC721 contract includes a callback to the receiver of the NFT through the onERC721Recived handle
If the receiver is a contract, it can take control of execution and mint multiple NFTs for the same position since the mint function here is not marked nonreentrant
Chinmay
medium
Missing nonreentrant check in Position Manager mint function
Summary
The mint function for poisition NFTs uses _safemint which can enable reentrancy
Vulnerability Detail
The _safeMint function from Openzepplin's ERC721 contract includes a callback to the receiver of the NFT through the onERC721Recived handle If the receiver is a contract, it can take control of execution and mint multiple NFTs for the same position since the mint function here is not marked nonreentrant
Impact
Code Snippet
https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/PositionManager.sol#L181
Tool used
Manual Review
Recommendation
It is advised to always use a reentrancy guard when calling safemint function. So mark the mint function at L#181 as nonreentrant
Duplicate of #131