SYM_SOL_0030 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Enforcement of Behavioral Workflow
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Low |
Description
Your ERC721 contract is vulnerable to reentrancy through the onERC721Received() callback if the external call that triggers it is made before internal state updates. This allows attackers to exploit the contract by recursively calling its functions before changes are finalized.
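The pattern described above, shown next to a hardened form. This is an added example, not code from the Symbiotic database; the contract name, the per-wallet limit and the function names are hypothetical, and the import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 import paths.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical contract for illustration only.
contract LimitedMint is ERC721, ReentrancyGuard {
    uint256 public constant MAX_PER_WALLET = 1;
    uint256 public nextId;
    mapping(address => uint256) public mintedBy;

    constructor() ERC721("LimitedMint", "LMT") {}

    // VULNERABLE (kept only for comparison): interaction before effect.
    // _safeMint calls onERC721Received() on a contract recipient. At that
    // point mintedBy[msg.sender] has not been updated yet, so a re-entrant
    // call to mintUnsafe() passes the limit check again.
    function mintUnsafe() external {
        require(mintedBy[msg.sender] < MAX_PER_WALLET, "limit reached");
        uint256 id = nextId;
        nextId = id + 1;
        _safeMint(msg.sender, id);  // external call to the recipient
        mintedBy[msg.sender] += 1;  // state update happens too late
    }

    // HARDENED: checks, then effects, then the interaction, with a
    // reentrancy guard as a second layer.
    function mintSafe() external nonReentrant {
        require(mintedBy[msg.sender] < MAX_PER_WALLET, "limit reached");
        mintedBy[msg.sender] += 1;  // effect recorded before any callback
        uint256 id = nextId;
        nextId = id + 1;
        _safeMint(msg.sender, id);  // a re-entrant call now fails the check
    }
}
```

The guard only covers functions that carry `nonReentrant`, so every state-changing entry point that can be reached from the callback needs the same ordering or the same modifier.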
Impact
If exploited, an attacker could mint or transfer more NFTs than intended, bypass ownership or minting limits, and potentially drain assets or disrupt contract logic. This can lead to significant financial loss and undermine the integrity of your NFT platform.