When a stream is created, an NFT is minted to the recipient. However, `_mint` is used, which can cause problems.
In the current implementation, if the recipient is a smart contract that cannot receive ERC721 tokens, the minting will go through, as there is no check for this. The `_safeMint` function does just that: it checks whether the recipient can handle ERC721 tokens.
Minting ERC721 tokens to contracts that cannot handle them.
Manual Review
Use `_safeMint` instead of `_mint`, but also add `nonReentrant` modifiers, since `_safeMint` can reenter.
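
The recommendation above as an added Solidity sketch, not code from the Sablier repository or from this report. The contract, function and storage names are hypothetical, and the import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 import paths.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical contract: names and storage layout are illustrative only.
contract StreamNFTSketch is ERC721, ReentrancyGuard {
    uint256 public nextStreamId = 1;
    mapping(uint256 => uint128) public deposits;

    constructor() ERC721("Stream NFT Sketch", "SNS") {}

    // Before: _mint performs no receiver check, so a contract recipient
    // that does not implement onERC721Received still becomes the owner.
    function createUnchecked(address recipient, uint128 amount)
        external
        returns (uint256 streamId)
    {
        streamId = nextStreamId++;
        deposits[streamId] = amount;
        _mint(recipient, streamId);
    }

    // After: when the recipient has code, _safeMint calls its
    // onERC721Received hook and reverts unless the ERC721 receiver
    // selector is returned. That hook hands control to the recipient,
    // so the function carries nonReentrant and writes all of its state
    // before the mint (checks-effects-interactions).
    function createChecked(address recipient, uint128 amount)
        external
        nonReentrant
        returns (uint256 streamId)
    {
        streamId = nextStreamId++;
        deposits[streamId] = amount;
        _safeMint(recipient, streamId);
    }
}

// Hypothetical recipient with no onERC721Received implementation:
// createUnchecked mints to it, createChecked reverts.
contract NoReceiver {}
```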
https://github.com/Cyfrin/2024-05-Sablier/issues/1