From 30d9b1c77846bd671c6c9a097d81aa9d9539d47f Mon Sep 17 00:00:00 2001
From: Sebastian Liu <sebsadface@gmail.com>
Date: Tue, 15 Oct 2024 16:39:05 -0700
Subject: [PATCH] fix(story-nft): resolve potential reentrancy issue

---
 contracts/story-nft/StoryBadgeNFT.sol   | 6 +++---
 contracts/story-nft/StoryNFTFactory.sol | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/contracts/story-nft/StoryBadgeNFT.sol b/contracts/story-nft/StoryBadgeNFT.sol
index fa595cd..ebc5093 100644
--- a/contracts/story-nft/StoryBadgeNFT.sol
+++ b/contracts/story-nft/StoryBadgeNFT.sol
@@ -70,6 +70,9 @@ contract StoryBadgeNFT is IStoryBadgeNFT, BaseStoryNFT, ERC721Holder {
         // The given signature must not have been used
         if (_usedSignatures[signature]) revert StoryBadgeNFT__SignatureAlreadyUsed();
 
+        // Mark the signature as used
+        _usedSignatures[signature] = true;
+
         // The given signature must be valid
         bytes32 digest = keccak256(abi.encodePacked(msg.sender)).toEthSignedMessageHash();
         if (!SignatureChecker.isValidSignatureNow(_signer, digest, signature)) revert StoryBadgeNFT__InvalidSignature();
@@ -88,9 +91,6 @@ contract StoryBadgeNFT is IStoryBadgeNFT, BaseStoryNFT, ERC721Holder {
         // Transfer the badge to the recipient
         _safeTransfer(address(this), recipient, tokenId);
 
-        // Mark the signature as used
-        _usedSignatures[signature] = true;
-
         emit StoryBadgeNFTMinted(recipient, tokenId, ipId);
     }
 
diff --git a/contracts/story-nft/StoryNFTFactory.sol b/contracts/story-nft/StoryNFTFactory.sol
index c190090..0bb13db 100644
--- a/contracts/story-nft/StoryNFTFactory.sol
+++ b/contracts/story-nft/StoryNFTFactory.sol
@@ -129,6 +129,9 @@ contract StoryNFTFactory is IStoryNFTFactory, AccessManagedUpgradeable, UUPSUpgr
         // The given signature must not have been used
         if ($.usedSignatures[signature]) revert StoryNFTFactory__SignatureAlreadyUsed(signature);
 
+        // Mark the signature as used
+        $.usedSignatures[signature] = true;
+
         // The given organization name must not have been used
         if ($.deployedStoryNftsByOrgName[orgName] != address(0))
             revert StoryNFTFactory__OrgAlreadyDeployed(orgName, $.deployedStoryNftsByOrgName[orgName]);
@@ -152,9 +155,6 @@ contract StoryNFTFactory is IStoryNFTFactory, AccessManagedUpgradeable, UUPSUpgr
         $.deployedStoryNftsByOrgTokenId[orgTokenId] = storyNft;
         $.deployedStoryNftsByOrgIpId[orgIpId] = storyNft;
 
-        // Mark the signature as used
-        $.usedSignatures[signature] = true;
-
         emit StoryNftDeployed(orgName, orgNft, orgTokenId, orgIpId, storyNft);
     }