Description: Potential vulnerability in the send_to_jetton_wallet function (in jetton_mintter.fc) that if not controlled could generate successive calls without finishing the previous ones, and since the method is called when minting tokens, an unexpected effect could be generated such as saturation (and increase in gas for the cost) or lying of the more tokens than expected by the same malicious actor.

Error Occurs In: The reentrancy risk is after preparing the message to send (msg), send_raw_message is called in send_to_jetton_wallet to send the message to to_wallet_address. If to_wallet_address is a contract (or an automatically managed wallet somehow faster than a human), it could make one or more calls back to the current contract (send_to_jetton_wallet) before the execution of all internal operations is complete, it could occur a reentry.

Impact: Possibility that a malicious actor could make recursive calls that involve mining more tokens than appropriate (especially when they have collateral, and that would involve a lot of volatility).

Proposed Solution: Persist in an object the state of the user's call to the send_to_jetton_wallet method at the beginning of the method and check if there is already a call pending completion, thus controlling that after the call has finished, the address of that user disappears in that object (or smart contract) so that it can make another call (that part can be done at the end and free the calling address of the object).

Not applicable. TON model is asynchronous, and TVM execution is fully finished before any messages are even sent out.

Text generated by ChatGPT. TON does not have the EVM reentrancy problem.