Skip to content
This repository has been archived by the owner on Sep 9, 2022. It is now read-only.

Reentrancy in mint() #9

Open
epheph opened this issue Feb 14, 2020 · 0 comments
Open

Reentrancy in mint() #9

epheph opened this issue Feb 14, 2020 · 0 comments

Comments

@epheph
Copy link

epheph commented Feb 14, 2020

opensea-erc1155/contracts/MyFactory.sol

Line 94 in 59d2e0c

id = nftContract.create(_toAddress, _amount, "", _data);

Calling mint(uint256 _optionId, address _toAddress, uint256 _amount, bytes calldata _data) calls the internal

_mint(
    Option _option,
    address _toAddress,
    uint256 _amount,
    bytes memory _data
  )

Which ends up running

    if (id == 0) {
      id = nftContract.create(_toAddress, _amount, "", _data);
      optionToTokenID[optionId] = id;
    } else {
      nftContract.mint(_toAddress, id, _amount, _data);
    }

If the nftContract itself supports callback hooks (like MyCollectible.sol), there is a reentrancy which could allow create to be called twice with the same optionId
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@epheph