L-6: Use of `_mint` Instead of `_safeMint` for ERC721 Tokens
Description:
The contract uses the _mint function to create new ERC721 tokens, which does not check if the recipient is capable of receiving ERC721 tokens.
Instances:
-
Minting to Contract Itself (Line 81):
_mint(address(this), tokenId); -
Minting to Recipient (Line 110):
_mint(recipient, tokenId);
Impact:
-
Potential Token Loss:
If tokens are minted to a contract that does not implement the
onERC721Receivedfunction, they could become permanently locked, leading to loss of tokens.
-
Compliance with ERC721 Standard:
The ERC721 standard recommends using
_safeMintto ensure safe transfers to contracts.
Recommendation:
-
Use
_safeMintFunction:-
Replace
_mintwith_safeMintto include safety checks. -
Updated Minting to Contract Itself:
_safeMint(address(this), tokenId); -
Updated Minting to Recipient:
_safeMint(recipient, tokenId);
-
-
Handle Potential Reverts:
Be prepared for the possibility that
_safeMintmay revert if the recipient cannot handle ERC721 tokens.
-
Inform Users:
Clearly communicate to users that their addresses must be capable of receiving ERC721 tokens, especially if they are using smart contract wallets.
Appeal created
Use of `_mint` instead of `safeMint`
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.