# ERC721 onERC721Received() Reentrancy

## Description
The onERC721Received() callback is an external call into the token recipient. When a contract makes that call before its own state changes are complete, the recipient can re-enter the calling contract during the callback, which can lead to unintended behavior (such as bypassing mint or transfer limits) and potential security risks.
## Examples

### Insecure Code

```solidity
// Insecure: the external call into the recipient (onERC721Received) is made
// before any state is updated, so the recipient can re-enter this contract.
function onERC721Received(...) { _checkOnERC721Received(...); }
```

### Secure Code

```solidity
// Secure: all state changes are applied first, then the external call is made.
function onERC721Received(...) { /* state changes */; _checkOnERC721Received(...); }
```

## Remediation
Use the Checks-Effects-Interactions pattern to prevent reentrancy attacks. Ensure that all state changes are made before making external calls, including the onERC721Received() callback triggered through _checkOnERC721Received().
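As an added illustration (not code from the original page or from any particular project), the vulnerable ordering beside the corrected one for a per-wallet capped mint built on OpenZeppelin's ERC721 v4.x; the contract names, the `MAX_PER_WALLET` cap and the `mint()` function are assumptions made for this example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumes OpenZeppelin Contracts v4.x, whose _safeMint calls the private
// _checkOnERC721Received, which in turn calls onERC721Received() on a
// contract recipient. Contract names and the cap are constructed for this example.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

contract VulnerableMint is ERC721 {
    uint256 public constant MAX_PER_WALLET = 1;
    mapping(address => uint256) public minted;
    uint256 public nextId;

    constructor() ERC721("Example", "EX") {}

    function mint() external {
        require(minted[msg.sender] < MAX_PER_WALLET, "wallet limit reached"); // check
        // Interaction before effect: _safeMint hands control to msg.sender's
        // onERC721Received() while minted[msg.sender] is still 0, so a
        // contract recipient that re-enters mint() passes the require again.
        _safeMint(msg.sender, nextId++);
        minted[msg.sender] += 1; // effect applied too late
    }
}

contract SafeMint is ERC721 {
    uint256 public constant MAX_PER_WALLET = 1;
    mapping(address => uint256) public minted;
    uint256 public nextId;

    constructor() ERC721("Example", "EX") {}

    function mint() external {
        require(minted[msg.sender] < MAX_PER_WALLET, "wallet limit reached"); // checks
        minted[msg.sender] += 1;                                               // effects
        uint256 tokenId = nextId++;
        // Interaction last: a re-entrant call now fails the require above.
        _safeMint(msg.sender, tokenId);
    }
}
```

A reentrancy guard (e.g. OpenZeppelin's `nonReentrant` modifier) is a defence-in-depth addition, but the ordering in `SafeMint.mint()` alone closes this path.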
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0217 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-841 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | reentrancy, erc721 |
| OWASP | N/A |
## References
- https://blocksecteam.medium.com/when-safemint-becomes-unsafe-lessons-from-the-hypebears-security-incident-2965209bda2a
- https://etherscan.io/address/0x14e0a1f310e2b7e321c91f58847e98b8c802f6ef