“Often something that appears safe isn't safe at all.”
How to Submit Solution:
Use the below submission form to submit the solution: QuillCTF Submission Form
Objective of CTF: Claim multiple NFTs for the price of one.
Note: You can create POCs using Foundry or Hardhat. Without proper POC, your submissions will not be accepted.
Georli Link: https://goerli.etherscan.io/address/0xf0337cde99638f8087c670c80a57d470134c3aae
Contract Code:
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.7;
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/extensions/ERC721Enumerable.sol";
contract safeNFT is ERC721Enumerable {
uint256 price;
mapping(address=>bool) public canClaim;
constructor(string memory tokenName, string memory tokenSymbol,uint256 _price) ERC721(tokenName, tokenSymbol) {
price = _price; //price = 0.01 ETH
}
function buyNFT() external payable {
require(price==msg.value,"INVALID_VALUE");
canClaim[msg.sender] = true;
}
function claim() external {
require(canClaim[msg.sender],"CANT_MINT");
_safeMint(msg.sender, totalSupply());
canClaim[msg.sender] = false;
}
}
‣
Learning Materials:
- https://github.com/kadenzipfel/smart-contract-attack-vectors/blob/master/attacks/reentrancy.md
- OZ erc721 implementation
Solutions:
Author -
Team QuillAudits