GivingThanks

First Flight #28
Beginner Friendly, Foundry
Submission Details
Severity: medium
Invalid

Use of _mint Instead of _safeMint for ERC721 Tokens

Description

The contract GivingThanks uses the _mint function to create new ERC721 tokens, which does not check if the recipient is capable of receiving ERC721 tokens.

Instances:

  1. Minting to donor (Line 26):

_mint(msg.sender, tokenCounter);

Impact

  1. Potential Token Loss:

    • If tokens are minted to a contract that does not implement the onERC721Received function, they could become permanently locked, leading to loss of tokens.

  2. Compliance with ERC721 Standard:

    • The ERC721 standard recommends using _safeMint to ensure safe transfers to contracts.

Recommended Mitigation

  1. Use _safeMint Function:

    • Replace _mint with _safeMint to include safety checks.

    _safeMint(msg.sender, tokenCounter);

  2. Handle Potential Reverts:

    • Be prepared for the possibility that _safeMint may revert if the recipient cannot handle ERC721 tokens.

  3. Inform Users:

    • Clearly communicate to users that their addresses must be capable of receiving ERC721 tokens, especially if they are using smart contract wallets.
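
The difference between the two calls can be reproduced with a Foundry test. This is an added example, not code from the submission or from GivingThanks: `DemoToken`, `PlainCaller` and `ReceiverCaller` are hypothetical contracts, and the import paths assume the usual forge-std and OpenZeppelin remappings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical stand-in for a mint-to-msg.sender path; not the GivingThanks source.
contract DemoToken is ERC721 {
    uint256 public tokenCounter;
    constructor() ERC721("Demo", "DEMO") {}
    function mintUnsafe() external { _mint(msg.sender, tokenCounter++); }
    function mintSafe() external { _safeMint(msg.sender, tokenCounter++); }
}

// Contract caller with no onERC721Received and no way to move a token it holds.
contract PlainCaller {
    function callUnsafe(DemoToken t) external { t.mintUnsafe(); }
    function callSafe(DemoToken t) external { t.mintSafe(); }
}

// Contract caller that implements the receiver hook checked by _safeMint.
contract ReceiverCaller is IERC721Receiver {
    function callSafe(DemoToken t) external { t.mintSafe(); }
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }
}

contract MintVsSafeMintTest is Test {
    DemoToken token = new DemoToken();

    function test_mint_succeeds_for_non_receiver() public {
        PlainCaller c = new PlainCaller();
        c.callUnsafe(token);
        assertEq(token.ownerOf(0), address(c)); // minted with no receiver check; c cannot move it
    }
    function test_safeMint_reverts_for_non_receiver() public {
        PlainCaller c = new PlainCaller();
        vm.expectRevert(); // revert reason differs between OpenZeppelin versions
        c.callSafe(token);
        assertEq(token.tokenCounter(), 0); // the whole call was rolled back, nothing minted
    }
    function test_safeMint_succeeds_for_receiver() public {
        ReceiverCaller c = new ReceiverCaller();
        c.callSafe(token);
        assertEq(token.ownerOf(0), address(c));
    }
}
```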

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
