Summary

The Mondrian Wallet smart contract, designed for NFT management and transactions, lacks an explicit call to the _safeMint() function in its constructor. This omission prevents the automatic minting of an NFT upon contract creation, a crucial feature for the wallet's intended functionality.

Vulnerability Details

The primary vulnerability identified in the Mondrian Wallet contract is the absence of an explicit call to the _safeMint() function within its constructor. This oversight prevents the automatic minting of an NFT upon the contract's creation, which is a critical feature for the intended functionality of the wallet.

Impact

The failure to mint an NFT upon contract creation could significantly impact the utility and perceived value of the Mondrian Wallet. Users expecting to receive an NFT immediately upon interacting with the contract would be disappointed, potentially leading to decreased adoption and trust in the platform.

Tools Used

Hardhat

Recommendations

To address the identified issue and ensure the contract fulfills its intended functionality, the following recommendations are made:

Explicitly Call _safeMint() in the Constructor: Modify the contract's constructor to include a call to _safeMint(), ensuring an NFT is minted and assigned to the contract or a designated address upon deployment. This change will enable the automatic minting of an NFT upon contract creation, aligning with the wallet's intended design and functionality.