-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MinterContract#mint function is vulnerable to reentrancy #398
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1517
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
c4-submissions
added
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
labels
Nov 6, 2023
141345 marked the issue as duplicate of #51 |
141345 marked the issue as duplicate of #51 |
141345 marked the issue as duplicate of #1742 |
c4-judge
added
duplicate-1517
satisfactory
satisfies C4 submission criteria; eligible for awards
and removed
duplicate-1742
labels
Dec 4, 2023
alex-ppg marked the issue as satisfactory |
c4-judge
added
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
and removed
satisfactory
satisfies C4 submission criteria; eligible for awards
labels
Dec 8, 2023
alex-ppg marked the issue as partial-50 |
c4-judge
added
satisfactory
satisfies C4 submission criteria; eligible for awards
and removed
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
labels
Dec 8, 2023
alex-ppg marked the issue as satisfactory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1517
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L224
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L236
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/NextGenCore.sol#L193-L198
Vulnerability details
Impact
Attacker is able to bypass the check for
tokensMintedPerAddress
(number of tokens minted per address) during public-sale (phase 2) and due to that he is able to mint all the available NFTs (number of tokens remaining until totalSupply) in 1 transaction.Proof of Concept
MinterContract#mint
function and it wants to mint 1 NFT (assumemaxCollectionPurchases
is 1).gencore.mint(mintIndex, mintingAddress, _mintTo, tokData, _saltfun_o, col, phase);
_mintProcessing
callssafeMint
which triggers the functiononERC721Received
of transaction-caller (if caller is a contract)onERC721Received
function of caller-contract, and it re-enters toMinterContract#mint
function.Tools Used
Manual Review
Recommended Mitigation Steps
Change NexGenCore#mint function like this:
Assessed type
Reentrancy
The text was updated successfully, but these errors were encountered: