FjordPoints:: claimPoints Using ERC721::_mint() that can be dangerous
Summary
The claimPoints() function in the FjordPoints.sol contract utilizes the ERC721::_mint() function, which poses a risk because it can mint ERC721 tokens to addresses that do not support ERC721 tokens.
Vulnerability Details
-
Location:
src/FjordPoints.sol, Line 258. -
Function Involved:
function claimPoints() external checkDistribution updatePendingPoints(msg.sender) {UserInfo storage userInfo = users[msg.sender];uint256 pointsToClaim = userInfo.pendingPoints;if (pointsToClaim > 0) {userInfo.pendingPoints = 0;_mint(msg.sender, pointsToClaim); <@ FOUNDemit PointsClaimed(msg.sender, pointsToClaim);}}ERC721 tokens are minted to the caller's address (
msg.sender) using the_mint()function. However, this function does not check whether the recipient address can handle ERC721 tokens, leading to potential issues if the recipient address is a contract that does not implement the ERC721 interface.
Impact
This vulnerability has a medium severity because if ERC721 tokens are minted to an address that does not support ERC721 tokens (e.g., a contract that does not conform to the ERC721 standard), these tokens may be irretrievably locked or cause transactional failures. Such issues could degrade user experience and disrupt the intended token distribution mechanism, impacting the contract's overall functionality and reliability.
Tools Used
Manual code review.
Recommendations
To address this issue, replace the use of _mint() with _safeMint() in the claimPoints() function. The _safeMint() function checks if the recipient address can receive ERC721 tokens and will revert the transaction if the recipient does not support the ERC721 interface, thereby preventing the minting of tokens to incompatible addresses.
Updated Code:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.