Summary

The withdraw_auto_from_l1 function and the withdrawTokens function in the bridge implementation use the mint function instead of the safe_mint/safeMint function to mint NFTs. This practice bypasses important safety checks that ensure the recipient contract is capable of handling ERC721 tokens, potentially resulting in NFTs being transferred to contracts that cannot process them, leading to permanent loss of those NFTs.

Vulnerability Details

The ERC721 standard provided by OpenZeppelin includes two functions for minting tokens: mint and safe_mint/safeMint. The safe_mint function includes a critical check that ensures the recipient contract can handle ERC721 tokens by verifying the implementation of the onERC721Received function. This is essential to prevent NFTs from being sent to contracts that are not designed to handle them.

mint``frombridge_uses the _mint instead of __safemint

Same issue exists in the ERC721Bridgeable::mintFromBridgecalled from within the Bridge::withdrawTokensuses mintinstead of safeMint. This approach skips the necessary contract checks, which could result in NFTs being sent to non-compliant contracts, leading to potential permanent loss of the tokens.

Impact

By using mint instead of safe_mint, NFTs may be permanently lost if they are transferred to a contract that does not support the ERC721Receiver interface, as the tokens may become inaccessible. The absence of contract checks when minting tokens increases the risk of tokens being transferred to unintended or non-compliant recipients

Tools Used

Manual Review.

Recommendations

• Update the withdraw_auto_from_l1 function to use safe_mint instead of mint to ensure that NFTs are only transferred to addresses capable of handling them

• Modify the mintFromBridge function in the IERC721Bridgeable implementation to use _safemint instead of _mint: