Potential loss of NFTs due to unsafe minting in AccountNFT contract
Vulnerability Details
In the AccountNFT.sol contract, the mint() function uses the _mint() function instead of _safeMint() when creating new NFTs. This implementation choice can lead to potential issues when minting tokens to contract addresses that do not support ERC721 tokens.
The _mint() function does not check whether the recipient is capable of receiving ERC721 tokens. In contrast, _safeMint() includes a check to ensure the recipient can handle ERC721 tokens, either by being an EOA (Externally Owned Account) or by implementing the onERC721Received() function if it's a contract.
By using _mint(), the contract assumes that the to address can handle ERC721 tokens. However, if to is a contract address that doesn't support ERC721, the minted token becomes permanently locked or lost.
Impact
Permanent Loss of NFTs: Tokens minted to incompatible contract addresses becomes irretrievable.
Proof of Concept
Alice calls
createTradingAccount()in the TradingAccountBranch contract.The TradingAccountBranch contract calls
mint()on the AccountNFT contract.Alice's address is a contract that doesn't support ERC721, the NFT is minted but becomes inaccessible.
Alice loses access to her trading account represented by the NFT.
Recommendations
To mitigate this vulnerability, replace _mint() with _safeMint() in the mint() function:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.