The Edition.sol::mintButch and Edition.sol::promoMint functions mines nft to a large number of addresses. If this list includes the smart contract address of a malicious user, he may revert the entire transaction because the _mint function is subject to reentrancy.
Thus, all other users will not receive their nfts either.
Vulnerability Detail
Edition uses the function Edition.sol::issue to mint nft to the user's address, which in turn calls _mint in the contract {ERC1155} from "solady/tokens/ERC1155.sol"
if (_hasCode(to)) _checkOnERC1155Received(address(0), to, id, amount, data);
the _checkOnERC1155Received function passes control to the recipient address, if it is a malicious contract, it will simply reverse the entire transaction when it gets control.
Impact
In order to carry out the attack, the malicious contract needs to get on the recipient list.
Score: medium
Code Snippet
Tool used
Manual Review
Recommendation
It might be worth sending nft only to EOA addresses, or wrapping the call in try{}Catch{} so that failure in one call does not affect the others.
BengalCatBalu
medium
DoS в mintBatch and promoMintFunction
Summary
The
Edition.sol::mintButch
andEdition.sol::promoMint
functions mines nft to a large number of addresses. If this list includes the smart contract address of a malicious user, he may revert the entire transaction because the _mint function is subject to reentrancy. Thus, all other users will not receive their nfts either.Vulnerability Detail
Edition uses the function
Edition.sol::issue
to mint nft to the user's address, which in turn calls _mint in the contract {ERC1155} from "solady/tokens/ERC1155.sol"This _mint function has the following check at the very end:
the _checkOnERC1155Received function passes control to the recipient address, if it is a malicious contract, it will simply reverse the entire transaction when it gets control.
Impact
In order to carry out the attack, the malicious contract needs to get on the recipient list.
Score: medium
Code Snippet
Tool used
Manual Review
Recommendation
It might be worth sending nft only to EOA addresses, or wrapping the call in try{}Catch{} so that failure in one call does not affect the others.