Lesson 15 - Reentrancy attack

[soliditee]

The general best practice is to update all state variables before calling external contracts. It was demonstrated in Lesson 15 buyItem() function as follows:

    s_proceeds[listedItem.seller] += msg.value;        
    delete (s_listings[nftAddress][tokenId]);
    IERC721(nftAddress).safeTransferFrom(listedItem.seller, msg.sender, tokenId);

It makes sense to update the state variables first when we reduce the balance of the users, as in the Reentrancy example. However, in the buyItem() function above, we are increasing the balance of the seller before calling the NFT contract. Would that make it easier for an attacker to infinitely increase their balance in s_proceeds[listedItem.seller] with a malicious NFT contract, provided that we forget to implement the mutex?

[alymurtazamemon]

@soliditee We added the mutex with buyItem function;

function buyItem(address nftAddress, uint256 tokenId)
        external
        payable
        isListed(nftAddress, tokenId)
        nonReentrant