Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Re -creation attack in ERC -721 -Ackee Blockchain
HACKING NEWS

Re -creation attack in ERC -721 -Ackee Blockchain

By Crypto FlexsAugust 8, 20253 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Re -creation attack in ERC -721 -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email

The ERC721 token has become the backbone of the NFT ecosystem, but the implementation contains subtle security risks that developers often overlook. The ERC721 standard includes a safety mechanism called Thee. ERC721Receiver HOOK, designed to prevent the token from being lost when transmitted to a contract. However, this same mechanism introduces external calls that can be exploited through re -creation attacks.

In this article, how the attacker _safeMint Even if the developer thinks that he has observed a safe coding practice, the external call of the function to bypass the minting minting limit and release the NFT collection.

Example: Expected use

that Masks The contract extends the ERC721 and manages the NFT mining with the following constraints:

  • Users can call mintNFT It functions for NFTS
  • Up to 20 NFTs per transaction
  • Total source MAX_NFT_SUPPLY

Vulnerable contract

Vulnerability occurs in external currencies IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) Within _safeMint function.

The currency flow follows this pattern.

  • mintNFT phone call _safeMint
  • _safeMint phone call _safeMint Set the argument
  • _safeMint phone call _checkOnERC721Received
  • _checkOnERC721Received phone call IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data)

The mask contract checks the number of NFTs at the start of the function. totalSupply() use _tokenOwners.length().

This value will be updated next _tokenOwners.set(tokenId, to); at _mint Features and after that _checkOnERC721Received It is called. Therefore, it does not seem to be re -creation at first.

But the condition mintNFT Compare the current totalSupply and numberOfNft With ~ MAX_NFT_SUPPLY.

When the attacker enters the for loop, the comparison uses old -fashioned. totalSupply Values that allow excessive NFT mining.

Attack example

The attack is carried out through the following steps.

  • Attacker mintNFT(20)
  • Let’s say value totalSupply() Be N
  • that _mint() Function Update _tokenOwnersnow totalSupply() Be N+1
  • function _checkOnERC721Received phone call onERC721Received() In the attacker contract:
    • Attacker mintNFT(20) Through re -creation
    • At this moment totalSupply() Be N+1 No ~ N+20 -This is a point
    • So we can create 18 additional NFTs totalSupply() To N+1
    • It checks whether it is N+1+18 Less than MAX_NFT_SUPPLYBut you need to confirm N+20+18This must be returned
    • Repeat the process similarly

This is an attacker contract.

And this is an abuse.

The attacker successfully exceeds both the 20 NFT limit and the maximum number of solutions in one transaction, with 110 NFTs successfully MINTS.

prevention

Implement the reinvestment guard to prevent this vulnerability.

conclusion

The vulnerabilities proven here emphasize important lessons for smart contract developers. Even if you try to follow the established security pattern, such as the confirmation effect, if you introduce a loop with an external currency, an unexpected attack vector can be created. The safety function of the ERC721 standard is intended, but it can be a security debt without proper protection.

This case emphasizes the reason why comprehensive security audits and re -creation guards are essential for handling valuable assets in contract processing. As the Defi and NFT ecosystems continue to develop, developers must be wary of these subtle and destructive vulnerabilities that can bypass strong verification logic.

We maintain a reentrancy example GitHub repository that deals with other types of re -creation attacks and re -creations for each protocol.

We also wrote about re -creation attacks by type.

will

https://samczsun.com/the-dangers- of-surprising-code/

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

The US government checks the economic data on the chain with 60% Pyth Rocket 60% Pyth Network.

August 28, 2025

Complete re -creation practice guide -AcKee Blockchain

August 26, 2025

Distributed financial introduction

August 24, 2025
Add A Comment

Comments are closed.

Recent Posts

Ethereum-Based Meme Project Pepeto ($PEPETO) Surges Past $6.5M In Presale

August 29, 2025

Use Australia’s Top Cloud Mining Tools To Become A Millionaire!

August 29, 2025

Bitcoin is under pressure with gold aiming to be the highest ever.

August 29, 2025

The US government posts GDP data on Bitcoin block chain.

August 28, 2025

Pudgy Penguins

August 28, 2025

The US government checks the economic data on the chain with 60% Pyth Rocket 60% Pyth Network.

August 28, 2025

GCL Subsidiary, 2Game Digital, Partners With KuCoin Pay To Accept Secure Crypto Payments In Real Time

August 28, 2025

Tether Announces Plan To Bring USD₮ To RGB, Advancing Native Stablecoins On Bitcoin And Lightning

August 28, 2025

Ether Leeum Game Football. Fun market caps increase 10 times within two weeks.

August 28, 2025

Defi Surges, BTC Swings & Tradfi faces freezing: Daily encryption failure

August 28, 2025

7 Legit Cloud Mining Platforms For Daily Bitcoin Income In 2025

August 27, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Ethereum-Based Meme Project Pepeto ($PEPETO) Surges Past $6.5M In Presale

August 29, 2025

Use Australia’s Top Cloud Mining Tools To Become A Millionaire!

August 29, 2025

Bitcoin is under pressure with gold aiming to be the highest ever.

August 29, 2025
Most Popular

Monero’s Weekly Hike – Mapping If LocalMonero’s Shutdown Could Stop Rally

May 10, 2024

What is Frostsnap? – Bitfinex Blog

January 19, 2024

ETH PECTRA upgrade: Impact on idiot and roll -up costs

May 15, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.