Trick or Treat

First Flight #27
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

Unsafe _transfer And _mint can cause loss of NFT

Summary

`_mint` and `_transfer` do not check whether the receiving contract can handle ERC721 tokens, which can cause permanent loss of the minted or transferred tokens.

Vulnerability Details

`_mint` and `_transfer` in the OpenZeppelin ERC721 base contract do not check whether a contract recipient can handle ERC721 tokens. The mint or transfer succeeds, but a receiving contract that lacks the standard receiver interface and any logic for handling the NFT has no way to move the token afterwards.
https://github.com/Cyfrin/2024-10-trick-or-treat/blob/9cb3955058cad9dd28a24eb5162a96d759bfa842/src/TrickOrTreat.sol#L131
https://github.com/Cyfrin/2024-10-trick-or-treat/blob/9cb3955058cad9dd28a24eb5162a96d759bfa842/src/TrickOrTreat.sol#L110

Impact

The NFT sent to such a recipient is permanently locked in that account and effectively lost.

Tools Used

manual research

Recommendations

Use the `_safeMint` and `_safeTransfer` functions provided by OpenZeppelin's ERC721 implementation, which check that a contract recipient can handle ERC721 tokens before completing the operation.

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/448efeea6640bbbc09373f03fbc9c88e280147ba/contracts/token/ERC721/ERC721.sol#L378
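To make the difference concrete, the following Solidity contracts and Foundry test are an added example, not code from the TrickOrTreat repository or from OpenZeppelin. They assume OpenZeppelin Contracts v5 and forge-std are installed under the usual remappings; `DemoNFT`, `Sink`, `Vault` and the test names are hypothetical. The unchecked path mirrors the pattern reported above and leaves a token stranded in a contract with no receiver hook, while the `_safe*` path reverts for that same recipient and succeeds for one that implements `onERC721Received`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this finding; assumes OpenZeppelin Contracts v5 and forge-std.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
import {Test} from "forge-std/Test.sol";

/// Hypothetical minimal NFT exposing both the unchecked and the checked paths side by side.
contract DemoNFT is ERC721 {
    uint256 public nextId;

    constructor() ERC721("Demo", "DEMO") {}

    /// Unchecked: the pattern reported in the finding. Succeeds even when `to` is a
    /// contract with no way to move ERC721 tokens afterwards.
    function mintUnchecked(address to) external returns (uint256 id) {
        id = nextId++;
        _mint(to, id);
    }

    /// Checked: `_safeMint` calls `onERC721Received` on a contract recipient and
    /// reverts if the call fails or returns the wrong selector.
    function mintChecked(address to) external returns (uint256 id) {
        id = nextId++;
        _safeMint(to, id);
    }

    /// Same pair for transfers; the caller must own the token.
    function transferUnchecked(address to, uint256 id) external {
        require(ownerOf(id) == msg.sender, "not owner");
        _transfer(msg.sender, to, id);
    }

    function transferChecked(address to, uint256 id) external {
        require(ownerOf(id) == msg.sender, "not owner");
        _safeTransfer(msg.sender, to, id);
    }
}

/// A contract with no ERC721 receiver hook and no function that could ever call
/// `transferFrom` or `approve`: any token minted or transferred here is stuck forever.
contract Sink {}

/// A contract that opts in to receiving ERC721 tokens.
contract Vault is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}

/// Foundry test showing the three outcomes. Run with `forge test`.
contract SafeMintTest is Test {
    DemoNFT nft;
    Sink sink;
    Vault vault;

    function setUp() public {
        nft = new DemoNFT();
        sink = new Sink();
        vault = new Vault();
    }

    /// The unchecked mint "succeeds": the Sink now owns a token it can never move.
    function test_uncheckedMintStrandsToken() public {
        uint256 id = nft.mintUnchecked(address(sink));
        assertEq(nft.ownerOf(id), address(sink));
    }

    /// The checked mint refuses the same recipient (OpenZeppelin v5 reverts with
    /// ERC721InvalidReceiver when the hook call fails).
    function test_checkedMintRevertsForSink() public {
        vm.expectRevert();
        nft.mintChecked(address(sink));
    }

    /// A recipient that implements the hook is accepted by the checked path.
    function test_checkedMintAcceptsVault() public {
        uint256 id = nft.mintChecked(address(vault));
        assertEq(nft.ownerOf(id), address(vault));
    }

    /// The same asymmetry holds for transfers out of the test contract itself.
    function test_checkedTransferRevertsForSink() public {
        uint256 id = nft.mintChecked(address(this));
        vm.expectRevert();
        nft.transferChecked(address(sink), id);
    }

    /// Lets this test contract receive tokens through the checked path above.
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

The check costs one external call per mint or transfer to a contract recipient; for a protocol that hands NFTs to arbitrary addresses, that is the price of not stranding tokens, and the revert also gives the caller a clear signal rather than a silent loss.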

Updates

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Use of `_mint` instead of `safeMint`

Use of `_transfer` instead of `safeTransfer`
