Description: The attack vector described involves a malicious actor exploiting the missing onERC721Received recipient-address validation in the Soulmate::mintSoulmateToken function, which mints tokens with _mint rather than a checked mint.
Impact: As a consequence of the attack, tokens minted to addresses incapable of handling them become irretrievably lost on the Ethereum blockchain. Because blockchain transactions are immutable, once a token has been sent to such an address it cannot be reversed or recovered, resulting in a permanent loss of tokens from the token supply, adversely affecting Soulmate token holders and overall ecosystem stability.
Proof of Concept:
A malicious actor may attempt to mint a Soulmate token by pairing a smart contract address that is not ERC-721 compatible with another address presumed to support NFT functionality.
A denial-of-service (DoS) condition results: the mint succeeds, but the token is lost on the Ethereum blockchain because the recipient contract has no way to transfer it.
Place the following into SoulmateTest.t.sol.
Recommended Mitigation: Use the _safeMint function instead of the _mint function. _safeMint calls onERC721Received on contract recipients and requires the function's selector in return, reverting otherwise, which proves whether the recipient address is capable of handling ERC-721 tokens.
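The difference between the two minting paths, shown as an added Foundry example that is not the Soulmate code base: DemoToken, NoReceiver and the test names are hypothetical, and the example assumes forge-std and OpenZeppelin's ERC721 are available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical minimal token (not the Soulmate contract) exposing both minting paths.
contract DemoToken is ERC721 {
    uint256 public nextId;

    constructor() ERC721("Demo", "DEMO") {}

    // Vulnerable pattern: _mint never asks the recipient whether it can handle ERC-721 tokens.
    function mintUnchecked(address to) external returns (uint256 id) {
        id = nextId++;
        _mint(to, id);
    }

    // Hardened pattern: _safeMint calls onERC721Received on contract recipients
    // and reverts unless the selector is returned.
    function mintChecked(address to) external returns (uint256 id) {
        id = nextId++;
        _safeMint(to, id);
    }
}

// A contract with no onERC721Received and no transfer logic: any token it receives is stuck.
contract NoReceiver {}

contract MintTest is Test {
    DemoToken token;
    NoReceiver sink;

    function setUp() public {
        token = new DemoToken();
        sink = new NoReceiver();
    }

    function test_uncheckedMintStrandsToken() public {
        uint256 id = token.mintUnchecked(address(sink));
        // The mint succeeds, yet NoReceiver can never call transferFrom or approve.
        assertEq(token.ownerOf(id), address(sink));
    }

    function test_safeMintRevertsForNonReceiver() public {
        vm.expectRevert(); // receiver check fails, so the mint reverts instead of stranding the token
        token.mintChecked(address(sink));
    }
}
```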
Low severity, - If a user utilizes an EOA, the check is not required. - If a user utilizes a contract that they own to mint soulmate tokens, then the check is required. However, this would rely on user error minting. Since there is no mention that ownership of token must be from EOAs, I believe low severity is appropriate.