-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adversary can reenter mint
to bypass max allowance.
#2011
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Comments
c4-submissions
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Nov 13, 2023
141345 marked the issue as duplicate of #2039 |
141345 marked the issue as duplicate of #51 |
141345 marked the issue as duplicate of #1742 |
c4-judge
added
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
and removed
duplicate-1742
labels
Dec 4, 2023
alex-ppg marked the issue as satisfactory |
c4-judge
added
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
and removed
satisfactory
satisfies C4 submission criteria; eligible for awards
labels
Dec 8, 2023
alex-ppg marked the issue as partial-50 |
alex-ppg marked the issue as satisfactory |
c4-judge
added
satisfactory
satisfies C4 submission criteria; eligible for awards
3 (High Risk)
Assets can be stolen/lost/compromised directly
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
and removed
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
labels
Dec 8, 2023
alex-ppg changed the severity to 3 (High Risk) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
upgraded by judge
Original issue severity upgraded from QA/Gas by judge
Lines of code
github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/NextGenCore.sol#L189-L200
Vulnerability details
Description
MinterContract.mint
callsNextGenCore.mint
, which variables that accounts the amount of tokens each user minted is changed only after_mintProcessing
, that has a callback in_safeMint
. Because of that, attackers can reenterMinterContract.mint
beforetokensMintedAllowlistAddress
andtokensMintedPerAddress
are incremented, allowing them to bypass the max allowance check that limits the amount of tokens an user can mint for public or allowlist phase of a collection.Proof of Concept
tokensMintedPerAddress[_collectionID][attacker] = 2
(retrieved viaretrieveTokensMintedPublicPerAddress
)collectionAdditionalData[_collectionID].maxCollectionPurchases = 3
(retrieved viaviewMaxAllowance
)MinterContract.mint
to mint one token. Logic that executes for public phase (and no delegation, sales mode not 3):tokensMintedPerAddress[_collectionID][attacker]
plus amount of tokens to mint andcollectionAdditionalData[_collectionID].maxCollectionPurchases
.3 <= 3
, which is true, so no reverts.gencore.mint
is called:_mintProcessing
, which has_safeMint
, a function withERC721.onERC721Received
callback:ERC721.onERC721Received
callback,MinterContract.mint
is called again:MinterContract.mint
:tokensMintedAllowlistAddress[_collectionID][attacker]
isn't updated during the reentrancy, making the check3 <= 3
again:mintIndex
, because it relies oncollectionCirculationSupply
, which is updated before the callback.tokensMintedPerAddress[_collectionID][attacker] = 4
collectionAdditionalData[_collectionID].maxCollectionPurchases = 3
Attacker successfully minted more tokens than he could. The same exploit could be executed for allowlist, since
tokensMintedAllowlistAddress
is also updated only after the callback.Impact
Attacker can bypass the maximum purchases for allowlist or public phases, effectively being able to use
mint
more times than a normal user, which is specially dangerous for the phase 1.Tools Used
Manual Review
Recommended Mitigation Steps
Use
nonReentrant
modifier fromReentrancyGuard.sol
and follow the Checks-Effects-Interactions pattern.Assessed type
Reentrancy
The text was updated successfully, but these errors were encountered: