Beginner Friendly, Foundry, NFT
Submission Details
Severity: high
Invalid

Not using `safe_mint` can freeze NFTs in smart contracts

Summary

The protocol does not use `safe_mint`. If the winner of the raffle is a smart contract that does not support ERC721, it will not be able to manage the token minted to it, and the token will be frozen forever in the winning smart contract.
This is in stark contrast with what is stated in the documentation, more specifically:

> When someone wins a snek, it should have all the functionality of a normal NFT. It should be able to be viewed, transferred, approved, etc

Vulnerability Details

This is a known vulnerability related to the use of `_mint` when potential users of the protocol might be smart contracts that do not support the ERC721 standard.
As discussed here:

> To summarize, safeMint is there to prevent someone minting ERC721 to a contract which does not support ERC721 transfer. So the ERC721 token is stuck there forever.

Impact

Minted NFTs could go to smart contracts that do not support the ERC721 protocol, meaning there is no possibility of transferring or interacting with these NFTs. All tokens sent to this kind of smart contract would simply be frozen forever.

Tools Used

Manual review, VSCode

Recommendations

For the use cases where it is best to use either `safe_mint` or `_mint`, refer to this thread.
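
The difference between a plain mint and a safe mint described in this finding, shown as an added Foundry test that is not part of the original submission or the audited protocol. It uses OpenZeppelin's Solidity `ERC721` (`_mint` / `_safeMint`) in place of the protocol's own `safe_mint`; `DemoNft`, `PassiveWinner` and the test names are hypothetical, and it assumes a Foundry project with forge-std and OpenZeppelin contracts installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical stand-in for the raffle's NFT; not the audited contract.
contract DemoNft is ERC721 {
    uint256 public nextId;

    constructor() ERC721("Demo", "DEMO") {}

    // Plain mint: no check on what kind of account `to` is.
    function mintPlain(address to) external returns (uint256 id) {
        id = nextId++;
        _mint(to, id);
    }

    // Safe mint: if `to` has code, calls to.onERC721Received(...) and
    // reverts unless the expected selector comes back.
    function mintSafe(address to) external returns (uint256 id) {
        id = nextId++;
        _safeMint(to, id);
    }
}

// A winner contract with no ERC721 handling: no onERC721Received and no
// function that could call transferFrom or approve on the NFT.
contract PassiveWinner {}

contract MintVsSafeMintTest is Test {
    DemoNft nft;
    PassiveWinner winner;

    function setUp() public {
        nft = new DemoNft();
        winner = new PassiveWinner();
    }

    function test_PlainMintLeavesTokenStuck() public {
        uint256 id = nft.mintPlain(address(winner));
        // Mint succeeds; the only owner is a contract that can never move it.
        assertEq(nft.ownerOf(id), address(winner));
    }

    function test_SafeMintRejectsNonReceiver() public {
        vm.expectRevert(); // revert data differs across OpenZeppelin versions
        nft.mintSafe(address(winner));
        assertEq(nft.nextId(), 0); // the id increment is rolled back too
    }
}
```

A safe mint hands control to the recipient's `onERC721Received` before the call returns, so any state the mint depends on should be updated before it is invoked.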

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
