Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

In the internal function `SpookySwap::mintTreat`, `_mint` from `ERC721.sol` is called instead of `ERC721::_safeMint`. A recipient contract that does not implement the ERC-721 receiver hook (`onERC721Received`) and has no way to transfer tokens out therefore ends up with its NFT permanently locked.

Description

The function `SpookySwap::mintTreat` mints with `ERC721::_mint` rather than `ERC721::_safeMint`. `_mint` performs no check on the recipient at all; `_safeMint` additionally calls `onERC721Received` on a contract recipient and reverts if that call fails or does not return the expected selector.

Impact

Some users may take part in the trick-or-treat through a smart contract rather than an EOA. If that contract does not implement the ERC-721 receiver hook and exposes no function that calls `transferFrom` or `approve`, any NFT minted to it is stuck there for good: `ERC721::_mint` never checks whether the receiving address can handle ERC-721 tokens, so the mint goes through, and afterwards only the token owner (the contract itself) or an operator it approved is allowed to move the token.

Proof of Concepts

  1. A smart contract that does not implement `onERC721Received` (and has no transfer or approve logic) calls `SpookySwap::trickOrTreat`.

  2. `mintTreat` uses `_mint`, so the mint succeeds and the contract becomes the owner of the NFT.

  3. The person who deployed the contract cannot transfer the NFT out: the token owner is the contract address, and the contract has no code path that calls `transferFrom` or `approve`, so `transferFrom` from any other account reverts for lack of approval.
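The three steps above, reproduced as a Foundry test. This is an added example written for this page, not code from the Trick or Treat repository or from the submission: `TreatNFT` is a minimal stand-in for `SpookySwap::mintTreat` (the real contract is not shown here), `NoReceiver` is a constructed participant contract, and the OpenZeppelin (v5) and forge-std import paths are assumed. One function mints with `_mint`, the other with `_safeMint`, so the two behaviours can be compared side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Stand-in for SpookySwap::mintTreat (assumed shape, not the project's code).
// nextTokenId is advanced before the mint so that a recipient callback
// inside _safeMint already sees the updated counter (checks-effects-interactions).
contract TreatNFT is ERC721 {
    uint256 public nextTokenId;

    constructor() ERC721("Treat", "TRT") {}

    // Mirrors the vulnerable behaviour: no recipient check.
    function mintUnsafe(address to) external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        _mint(to, tokenId);
    }

    // Mirrors the recommended fix: reverts for a contract that cannot receive.
    function mintSafe(address to) external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        _safeMint(to, tokenId);
    }
}

// Constructed participant contract: no onERC721Received, and no function
// that calls transferFrom or approve, so anything minted to it is stuck.
contract NoReceiver {
    function trickOrTreat(TreatNFT nft) external returns (uint256) {
        return nft.mintUnsafe(address(this));
    }
}

contract MintTest is Test {
    TreatNFT internal nft;
    NoReceiver internal caller;

    function setUp() public {
        nft = new TreatNFT();
        caller = new NoReceiver();
    }

    // Steps 1-3: _mint succeeds, the contract owns the token, nobody can move it.
    function test_mintLocksTokenInNonReceiver() public {
        uint256 id = caller.trickOrTreat(nft);
        assertEq(nft.ownerOf(id), address(caller));

        // The test contract plays the deployer/EOA: it is neither owner nor
        // approved, so the transfer reverts (ERC721InsufficientApproval in OZ v5).
        vm.expectRevert();
        nft.transferFrom(address(caller), address(this), id);
    }

    // With _safeMint the same recipient is rejected up front.
    function test_safeMintRevertsForNonReceiver() public {
        vm.expectRevert(); // ERC721InvalidReceiver in OZ v5
        nft.mintSafe(address(caller));
    }

    // _safeMint still works for a plain EOA, so the fix does not break normal users.
    function test_safeMintWorksForEOA() public {
        address alice = makeAddr("alice");
        uint256 id = nft.mintSafe(alice);
        assertEq(nft.ownerOf(id), alice);
    }
}
```

Run it with `forge test` after installing the two dependencies (`forge install OpenZeppelin/openzeppelin-contracts foundry-rs/forge-std`) and mapping `@openzeppelin/` in `remappings.txt`. The first test is the finding itself; the second shows that `_safeMint` turns the silent lock into a revert the caller can notice and fix.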

Tools Used
Foundry, VS Code

Recommended mitigation

Use `ERC721::_safeMint` instead of `ERC721::_mint`, so that a contract recipient without `onERC721Received` makes the mint revert instead of silently locking the token. Note that `_safeMint` makes an external call into a contract recipient, so the state updates in `mintTreat` (`nextTokenId`, the token URI) should preferably be performed before it, following checks-effects-interactions.

function mintTreat(address recipient, Treat memory treat) internal {
    uint256 tokenId = nextTokenId;
-   _mint(recipient, tokenId);
+   _safeMint(recipient, tokenId);
    _setTokenURI(tokenId, treat.metadataURI);
    nextTokenId += 1;
    emit Swapped(recipient, treat.name, tokenId);
}

Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Use of `_mint` instead of `safeMint`
