From d95720f4269983537f91946f01958a58a00ac6ee Mon Sep 17 00:00:00 2001 From: Nihal Rajak Date: Fri, 16 Jan 2026 19:24:20 +0530 Subject: [PATCH 1/2] fix: resolve critical security vulnerabilities --- contracts/src/VouchMe.sol | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/contracts/src/VouchMe.sol b/contracts/src/VouchMe.sol index 8a099bd..50a4368 100644 --- a/contracts/src/VouchMe.sol +++ b/contracts/src/VouchMe.sol @@ -5,8 +5,10 @@ import "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol"; import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; import "@openzeppelin/contracts/utils/Strings.sol"; +import "@openzeppelin/contracts/utils/ReentrancyGuard.sol"; -contract VouchMe is ERC721URIStorage { + +contract VouchMe is ERC721URIStorage , ReentrancyGuard { using ECDSA for bytes32; using Strings for uint256; @@ -68,7 +70,7 @@ contract VouchMe is ERC721URIStorage { string calldata giverName, string calldata profileUrl, bytes calldata signature - ) external returns (uint256) { + ) external nonReentrant returns (uint256) { // Hash the message that was signed bytes32 messageHash = keccak256( abi.encodePacked( @@ -275,6 +277,9 @@ contract VouchMe is ERC721URIStorage { * @param receiver The receiver of the testimonial */ function _removeTestimonialFromList(uint256 tokenId, address sender, address receiver) internal { + //Delete testimonial data + delete _testimonials[tokenId]; + // Delete from testimonial mapping delete _testimonial[sender][receiver]; @@ -301,13 +306,15 @@ contract VouchMe is ERC721URIStorage { * @dev Deletes a testimonial * @param tokenId The token ID to delete */ - function deleteTestimonial(uint256 tokenId) external { + function deleteTestimonial(uint256 tokenId) external nonReentrant { require(_ownerOf(tokenId) == msg.sender, "Only recipient can delete"); // Check if the testimonial still exists address sender = _testimonials[tokenId].sender; require(_testimonial[sender][msg.sender] == tokenId, "Testimonial already deleted"); + _burn(tokenId); + _removeTestimonialFromList(tokenId, sender, msg.sender); emit TestimonialDeleted(tokenId, msg.sender); From 26060b245bbfa267379e800d222a12505344a18b Mon Sep 17 00:00:00 2001 From: Nihal Rajak Date: Fri, 16 Jan 2026 20:02:17 +0530 Subject: [PATCH 2/2] fix: resolve critical security vulnerabilities in VouchMe contract --- contracts/src/VouchMe.sol | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/contracts/src/VouchMe.sol b/contracts/src/VouchMe.sol index 50a4368..5c964ff 100644 --- a/contracts/src/VouchMe.sol +++ b/contracts/src/VouchMe.sol @@ -7,8 +7,7 @@ import "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; import "@openzeppelin/contracts/utils/Strings.sol"; import "@openzeppelin/contracts/utils/ReentrancyGuard.sol"; - -contract VouchMe is ERC721URIStorage , ReentrancyGuard { +contract VouchMe is ERC721URIStorage, ReentrancyGuard { using ECDSA for bytes32; using Strings for uint256; @@ -277,7 +276,7 @@ contract VouchMe is ERC721URIStorage , ReentrancyGuard { * @param receiver The receiver of the testimonial */ function _removeTestimonialFromList(uint256 tokenId, address sender, address receiver) internal { - //Delete testimonial data + // Delete testimonial data to fix memory leak delete _testimonials[tokenId]; // Delete from testimonial mapping @@ -313,8 +312,6 @@ contract VouchMe is ERC721URIStorage , ReentrancyGuard { address sender = _testimonials[tokenId].sender; require(_testimonial[sender][msg.sender] == tokenId, "Testimonial already deleted"); - _burn(tokenId); - _removeTestimonialFromList(tokenId, sender, msg.sender); emit TestimonialDeleted(tokenId, msg.sender);