WhoAmI?
may be auditor

Security blog

Add new post Feed

Auditors space

Dapp Security list Audit Challenges Team formation

Dapps and protocols

Pre-audit plan Audit Profile

Dev Tools

Dev tools Testing tools

Protocol Marketing

Marketing tips

Misc

Support Log In

AuditProfile, Copywright 2025

info@auditprofile.xyz

Privacy Policy

AuditProfile

Block: 76

Author: AuditProfile

AuditProfile

Security blog

MintingProblem

#mint

#nft

#reenter

Hint

Is the Check Effects Interactions pattern followed correctly?

Answer

An attacker can reenter the MinterContract::mint function and mint the entire collection supply. Exploitation Steps: 1. Attacker calls MinterContract::mint with a malicious contract as the receiver. 2. The malicious contract executes a crafted onERC721Received(). 3. MinterContract::mint invokes NextGenCore::mint, which uses _safeMint() internally. 4. _safeMint() calls _recipient.onERC721Received(), leading to the minting of the complete collection supply.

CTF

Capture the Ether The Ethernaut Damn Vulnerable DeFi CryptoZombies Speedrun Ethereum CipherShastra Mr Steal Yo Crypto Cryptohack DeFi Hack Ether Hack CTF protocol CTF Blockchain Challenges

Awesome Books

Uniswap V2 Book

by RareSkills
Uniswap V3 Book

by Jeiwan
Compound Book

by RareSkills
ZK Book

by RareSkills
Ethereum Book

by Andreas M. Antonopoulos, Gavin Wood
Beigepaper

by Micah Dameron

Useful tools

EVM diff

Compare execution layer differences between chains
EVM storage

Dive deep into the storage of any contract

Регистрация прошла успешно! Спасибо за внимание!

loader