Submission Details
Severity: medium
Valid

Absence of automatic mint functionality

Summary

The Mondrian Wallet smart contract, designed for NFT management and transactions, lacks an explicit call to the _safeMint() function in its constructor. This omission prevents the automatic minting of an NFT upon contract creation, a crucial feature for the wallet's intended functionality.

Vulnerability Details

The primary vulnerability identified in the Mondrian Wallet contract is the absence of an explicit call to the _safeMint() function within its constructor. This oversight prevents the automatic minting of an NFT upon the contract's creation, which is a critical feature for the intended functionality of the wallet.

Impact

The failure to mint an NFT upon contract creation could significantly impact the utility and perceived value of the Mondrian Wallet. Users expecting to receive an NFT immediately upon interacting with the contract would be disappointed, potentially leading to decreased adoption and trust in the platform.

Tools Used

Hardhat

Recommendations

To address the identified issue and ensure the contract fulfills its intended functionality, the following recommendations are made:

Explicitly Call _safeMint() in the Constructor: Modify the contract's constructor to include a call to _safeMint(), ensuring an NFT is minted and assigned to the contract or a designated address upon deployment. This change will enable the automatic minting of an NFT upon contract creation, aligning with the wallet's intended design and functionality.

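constructor(address entryPoint) Ownable(msg.sender) ERC721("MondrianWallet", "MW") {
    i_entryPoint = IEntryPoint(entryPoint);
    // Mint one NFT to the deployer at construction time.
    // randomTokenId is not declared in this snippet and must be defined before use.
    _safeMint(msg.sender, randomTokenId);
}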
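
A Foundry regression test for the condition this finding describes, added here as an example and not taken from the Mondrian Wallet code base. WalletNoMint and WalletWithMint are hypothetical stand-ins, TOKEN_ID is a constructed constant replacing the undefined randomTokenId, and the import paths assume forge-std and OpenZeppelin Contracts v5 remappings. The third test covers an edge of the recommended constructor: _safeMint invokes the receiver hook when msg.sender is a contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical stand-in for the wallet as reported: the constructor never mints.
contract WalletNoMint is Ownable, ERC721 {
    constructor() Ownable(msg.sender) ERC721("MondrianWallet", "MW") {}
}

// Hypothetical stand-in with the recommended constructor. TOKEN_ID is a
// constructed constant used in place of the report's undefined randomTokenId.
contract WalletWithMint is Ownable, ERC721 {
    uint256 public constant TOKEN_ID = 1;

    constructor() Ownable(msg.sender) ERC721("MondrianWallet", "MW") {
        _safeMint(msg.sender, TOKEN_ID);
    }
}

contract ConstructorMintTest is Test {
    // Plain address with no code, so _safeMint skips the receiver hook.
    address internal deployer = makeAddr("deployer");

    function test_reportedConstructorMintsNothing() public {
        vm.prank(deployer);
        WalletNoMint wallet = new WalletNoMint();
        assertEq(wallet.balanceOf(deployer), 0);
        assertEq(wallet.balanceOf(address(wallet)), 0);
    }

    function test_fixedConstructorMintsToDeployer() public {
        vm.prank(deployer);
        WalletWithMint wallet = new WalletWithMint();
        assertEq(wallet.ownerOf(wallet.TOKEN_ID()), deployer);
        assertEq(wallet.balanceOf(deployer), 1);
    }

    // This test contract has code but no onERC721Received, so the receiver
    // check inside _safeMint makes a deployment from it revert.
    function test_contractDeployerWithoutReceiverHookReverts() public {
        vm.expectRevert();
        new WalletWithMint();
    }
}
```
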
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

The Wallet doesn't end up owning any nft
