The BlockSec alert system detected that the Revest Finance project suffered a re-entry attack at 10:04 am on March 27. The reasons for analysis are as follows:
1) Next NFT id (FNFTHandler.getNextId) is updated after mint, so reentrancy (in ERC1155 mint) is able to create NFT on current id.
2) mapFNFToToken will overwrite the state of the token id without checking. At present, the project party has suspended the token contract.