GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Use of '_mint' Instead of '_safeMint' for ERC721 Tokens

chrissavov

Summary

The contract uses the _mint function to create new ERC721 tokens, which does not check if the recipient is capable of receiving ERC721 tokens.

Vulnerability Details

Minting to Recipient (GivingThanks.sol line 26)

_mint(msg.sender, tokenCounter);

Impact

  • Potential Token Loss:

    • If tokens are minted to a contract that does not implement the onERC721Received function, they could become permanently locked, leading to loss of tokens.

  • Compliance with ERC721 Standard:

    • The ERC721 standard recommends using _safeMint to ensure safe transfers to contracts.

Tools Used

Manual review.

Recommendations

  • Use _safeMint Function:

    • Replace _mint with _safeMint to include safety checks.

    • Updated Minting to Recipient:

      _safeMint(msg.sender, tokenCounter);

  • Handle Potential Reverts:

    • Be prepared for the possibility that _safeMint may revert if the recipient cannot handle ERC721 tokens.

  • Inform Users:

    • Clearly communicate to users that their addresses must be capable of receiving ERC721 tokens, especially if they are using smart contract wallets.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!