-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attacker can exploit reentrancy to mint more tokens than allowed. #1803
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Comments
c4-submissions
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Nov 13, 2023
141345 marked the issue as duplicate of #51 |
141345 marked the issue as duplicate of #1742 |
c4-judge
added
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
and removed
duplicate-1742
labels
Dec 4, 2023
alex-ppg marked the issue as satisfactory |
c4-judge
added
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
and removed
satisfactory
satisfies C4 submission criteria; eligible for awards
labels
Dec 8, 2023
alex-ppg marked the issue as partial-50 |
alex-ppg marked the issue as satisfactory |
c4-judge
added
satisfactory
satisfies C4 submission criteria; eligible for awards
3 (High Risk)
Assets can be stolen/lost/compromised directly
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
and removed
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
labels
Dec 8, 2023
alex-ppg changed the severity to 3 (High Risk) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/NextGenCore.sol#L189-L200
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/NextGenCore.sol#L227-L232
Vulnerability details
Impact
Due to the fact that
tokensMintedPerAddress
andtokensMintedAllowlistAddress
are only incremented after_mintProcessing()
execution, an attacker can exploit reentrancy to mint how many tokens they want, thus bypassingmaxCollectionPurchases
and_maxAllowance
, respectively.Proof of Concept
Consider the snippet from the
NextGenCore::mint()
function. Note that both mappingstokensMintedPerAddress
andtokensMintedAllowlistAddress
, used to register how many tokens each address has minted, are only incremented after the call to_mintProcessing()
. This allows attackers to exploit the fact that_mintProcessing()
utilizessafeMint()
and thus handles execution back to the receiving address (due to_checkOnERC721Received()
), to call againmint()
.Since, at this point ,
tokensMintedPerAddress
ortokensMintedAllowlistAddress
hasn't been incremented yet, the execution proceeds with outdated values. This process can be iterated as long as the attacker desires, enabling them to mint an arbitrary number of tokens, limited only by the maximum token count in a collection. This vulnerability applies to both the allowlist and public mint phases.Consider the example below for a public mint scenario. First the attacker deploys the following contract. The modified
onERC721Received()
function allows the contract to callMinterContract::mint()
when it is called by the_checkOnERC721Received()
method fromNextGenCore
.Then the attaker has to configure how many tokens he wants to mint, controlled by the
mint
parameter and callExploit::mint()
. See the hardhat test code below. Note that at the end the Exploit contract has minted 20 tokens, way above the maximum limit of two tokens per address set.Tools Used
Manual Review.
Recommended Mitigation Steps
Consider following the Checks-Effects-Interactions pattern and increment
tokensMintedPerAddress
andtokensMintedAllowlistAddress
before the call to_mintProcessing()
.Assessed type
Reentrancy
The text was updated successfully, but these errors were encountered: