_mint
ing of NFT does not check if the recipient has already received the NFT, thereby causing the same recipient to receive NFT more than once
Line _mint({ to: params.recipient, tokenId: streamId });
in SablierV2LockupLinear::_create
, SablierV2LockupDynamic::_create
, SablierV2LockupTranched::_create
, does not have a validation to check if the recipient has already received the NFT.
In the subsequent lines, the safeTransferFrom
calls can fail due to out-of-gas
conditions but the _mint
step will still persist. If the call is made again to rectify the failed safeTransferFrom
calls, the _mint
function would be called again, causing the recipient
to receive NFT more than once
The recipient
can receive NFTs more than the once (or the intended time)
Manual Review
Introduce the following mapping _mintedNFTs
as a state variable and two new functions _isNFTMinted
and _mintWithCheck
call the _mint
function like so:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.