Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: low
Invalid

Possible Minting of Sablier V2 Lockup NFTs to Non-Supported NFT Addresses in `SablierV2LockupDynamic` and `SablierV2LockupLinear` contracts

Note

The LightChaser detected this issue as [Medium-2], but it missed the same issue in two other contracts: `SablierV2LockupDynamic` and `SablierV2LockupLinear`.

Summary

The `SablierV2LockupDynamic` and `SablierV2LockupLinear` contracts use `_mint()` instead of `_safeMint()` when minting, which can result in minting a Sablier V2 Lockup NFT to a contract that does not support NFTs.

Vulnerability Details

The issue lies in the `_create` function of the `SablierV2LockupDynamic` and `SablierV2LockupLinear` contracts.

File: SablierV2LockupDynamic.sol

```solidity
// Effect: mint the NFT to the recipient.
_mint({ to: params.recipient, tokenId: streamId });
```

https://github.com/Cyfrin/2024-05-Sablier/blob/43d7e752a68bba2a1d73d3d6466c3059079ed0c6/v2-core/src/SablierV2LockupDynamic.sol#L354

File: SablierV2LockupLinear.sol

```solidity
// Effect: mint the NFT to the recipient.
_mint({ to: params.recipient, tokenId: streamId });
```

https://github.com/Cyfrin/2024-05-Sablier/blob/43d7e752a68bba2a1d73d3d6466c3059079ed0c6/v2-core/src/SablierV2LockupLinear.sol#L273C1-L274C60

Impact

`SablierV2LockupDynamic` and `SablierV2LockupLinear` may mint a Sablier V2 Lockup NFT to a contract that cannot handle NFTs.

Tools Used

Manual Review

Recommendations

Use `_safeMint()` instead of `_mint()`.
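
What the recommended `_safeMint()` adds over `_mint()`, shown as an added example that is not part of the submission or of Sablier's code: a stripped-down NFT with both mint paths and two constructed recipients. `MintPaths`, `PlainVault`, `AwareVault` and `NonReceiver` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Receiver hook defined by ERC-721.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external
        returns (bytes4);
}

/// Hypothetical stripped-down NFT (not Sablier code) contrasting the two mint paths.
contract MintPaths {
    mapping(uint256 tokenId => address owner) public ownerOf;

    error NonReceiver(address to);

    /// Unchecked path: records ownership and never asks the recipient anything.
    function mint(address to, uint256 tokenId) external {
        _mint(to, tokenId);
    }

    /// Checked path: same state change, then the ERC-721 acceptance check.
    function safeMint(address to, uint256 tokenId) external {
        _mint(to, tokenId);
        if (to.code.length == 0) return; // no code at the address, so no hook to call
        try IERC721Receiver(to).onERC721Received(msg.sender, address(0), tokenId, "") returns (bytes4 retval) {
            // A contract that answers with anything but the selector has not opted in.
            if (retval != IERC721Receiver.onERC721Received.selector) revert NonReceiver(to);
        } catch {
            // The hook is missing or reverted: undo the mint by reverting the whole call.
            revert NonReceiver(to);
        }
    }

    function _mint(address to, uint256 tokenId) private {
        require(to != address(0) && ownerOf[tokenId] == address(0), "invalid mint");
        ownerOf[tokenId] = to;
    }
}

/// Constructed recipient with no ERC-721 hook: mint() succeeds, safeMint() reverts.
contract PlainVault {}

/// Constructed recipient that opts in: both paths succeed.
contract AwareVault is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

The hook is an external call into the recipient, so a contract that switches to the checked path has to order that call with reentrancy in mind.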

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Known - LightChaser

https://github.com/Cyfrin/2024-05-Sablier/issues/1
