From 97e7de2f44d8c7dcaeea7b85900b967755b1ec13 Mon Sep 17 00:00:00 2001
From: 0xPanku <98287354+0xPanku@users.noreply.github.com>
Date: Mon, 24 Jan 2022 09:56:04 +0000
Subject: [PATCH] Fix reentrancy vulnerability

Fix re-entry vulnerability on split payment using call(); The first addr could drain all the funds.
https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/
---
 contract/SimpleNftLowerGas.sol | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/contract/SimpleNftLowerGas.sol b/contract/SimpleNftLowerGas.sol
index 163e0f2..6370fc7 100644
--- a/contract/SimpleNftLowerGas.sol
+++ b/contract/SimpleNftLowerGas.sol
@@ -20,8 +20,10 @@ pragma solidity >=0.7.0 <0.9.0;
 import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
 import "@openzeppelin/contracts/utils/Counters.sol";
 import "@openzeppelin/contracts/access/Ownable.sol";
+import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
 
-contract SimpleNftLowerGas is ERC721, Ownable {
+
+contract SimpleNftLowerGas is ERC721, Ownable, ReentrancyGuard {
 using Strings for uint256;
 using Counters for Counters.Counter;
 
@@ -138,7 +140,7 @@ contract SimpleNftLowerGas is ERC721, Ownable {
 paused = _state;
 }
 
- function withdraw() public onlyOwner {
+ function withdraw() public onlyOwner nonReentrant {
 // This will pay HashLips 5% of the initial sale.
 // You can remove this if you want, or keep it in to support HashLips and his channel.
 // =============================================================================
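Review bot: On the new `withdraw()` signature, `nonReentrant` only blocks re-entry into functions that carry the modifier, and `onlyOwner` already rejects a callback from any payee other than the owner, so the guard is defence-in-depth and not a complete fix by itself. The function body lies outside this hunk. Assuming it makes the split payment with low-level `call` as the commit message says, each call's success flag should be checked with `require`. The guard's purpose is also worth documenting above the signature, e.g. `// nonReentrant: payouts use call(), which forwards all gas to the recipient`. Any other function that sends Ether or makes an external call (none is visible here) would need the modifier too.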