GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP

Submission Details
Severity: medium
Status: Invalid

Unsafe function is used to mint tokens

Summary

GivingThanks::donate uses _mint to mint the receipt NFT. If the recipient is a contract that does not implement the ERC721 receiver interface, the NFT is still minted to it and becomes irretrievable. _safeMint() should be used instead, so that the mint reverts unless the recipient address can receive the NFT.

Vulnerability Details

function donate(address charity) public payable {
    require(registry.isVerified(charity), "Charity not verified");
    (bool sent,) = charity.call{value: msg.value}("");
    require(sent, "Failed to send Ether");
    _mint(msg.sender, tokenCounter);
    // Create metadata for the tokenURI
    string memory uri = _createTokenURI(msg.sender, block.timestamp, msg.value);
    _setTokenURI(tokenCounter, uri);
    tokenCounter += 1;
}
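The hardened form of donate that the summary recommends, as an added example rather than the GivingThanks project's own code. It assumes OpenZeppelin's ERC721URIStorage and ReentrancyGuard, a registry exposing isVerified(address) as in the snippet above, and a stand-in _createTokenURI (the project's real metadata builder is not on this page). Beyond swapping _mint for _safeMint, it also claims the token id before any external call, because _safeMint hands control to the recipient through onERC721Received, and the charity's receive hook runs before the mint:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the GivingThanks project's code). Assumes OpenZeppelin 5.x
// import paths and a registry contract with isVerified(address).
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ERC721URIStorage} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

interface ICharityRegistry {
    function isVerified(address charity) external view returns (bool);
}

contract GivingThanksHardened is ERC721URIStorage, ReentrancyGuard {
    ICharityRegistry public immutable registry;
    uint256 public tokenCounter;

    constructor(address registry_) ERC721("GivingThanks", "THANKS") {
        registry = ICharityRegistry(registry_);
    }

    function donate(address charity) external payable nonReentrant {
        require(registry.isVerified(charity), "Charity not verified");

        // Effects before interactions: reserve the token id now, so neither the
        // charity's receive hook nor the donor's onERC721Received callback can
        // observe a stale tokenCounter.
        uint256 tokenId = tokenCounter;
        tokenCounter = tokenId + 1;

        (bool sent,) = charity.call{value: msg.value}("");
        require(sent, "Failed to send Ether");

        // _safeMint reverts when msg.sender is a contract that does not implement
        // IERC721Receiver.onERC721Received, so the receipt NFT cannot be stranded.
        // Plain _mint would succeed and leave the token locked in that contract.
        _safeMint(msg.sender, tokenId);
        _setTokenURI(tokenId, _createTokenURI(msg.sender, block.timestamp, msg.value));
    }

    // Hypothetical stand-in for the project's metadata builder: a plain-text data URI
    // carrying the same three fields the original passes in.
    function _createTokenURI(address donor, uint256 timestamp, uint256 amount)
        internal
        pure
        returns (string memory)
    {
        return string.concat(
            "data:text/plain,donor=", Strings.toHexString(donor),
            ";timestamp=", Strings.toString(timestamp),
            ";amount=", Strings.toString(amount)
        );
    }
}
```

Two points to check when reviewing a fix like this: the recipient of the mint is msg.sender, so the callback introduced by _safeMint runs in the donor's contract, and nonReentrant plus the early counter increment keep that callback from re-entering donate or re-using an id; and because _safeMint is the external-call step, the Ether transfer to the charity and the mint should both sit after every state update the function makes.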

Impact

  • Permanent Loss of NFTs: If an NFT is minted to a contract that does not support ERC721 tokens, it could be permanently lost or locked, with no way to retrieve it.

  • User Frustration and Financial Loss: Users may lose access to valuable NFTs due to improper handling of the minting process.

  • Potential Exploitation: An attacker could deliberately target contracts that cannot handle ERC721 tokens to cause NFT losses.

Updates

Lead Judging Commences

n0kto Lead Judge, 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

rahim7x Submitter, 12 months ago
n0kto Lead Judge, 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
