GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

[M-01] `GivingThanks::donate` uses `_mint` to create new ERC-721 tokens, which does not verify if the recipient is able to receive the token

Summary

The `GivingThanks::donate` function uses `_mint` to create a donation receipt ERC-721 token. However, `_mint` does not verify whether the receiving address is capable of receiving the token.

Vulnerability Details

The `GivingThanks::donate` function uses the `_mint` function from OpenZeppelin's ERC-721 contract to create a new donation receipt ERC-721 token and send it to the donor.

```solidity
function donate(address charity) public payable {
    require(registry.isVerified(charity), "Charity not verified");
    (bool sent,) = charity.call{value: msg.value}("");
    require(sent, "Failed to send Ether");
@>  _mint(msg.sender, tokenCounter);
    ...
}
```

`_mint` does not call `onERC721Received` on the recipient, so nothing checks whether the receiver can receive the token.

Impact

This can result in the loss of donation receipt tokens.

Tools Used

Manual review.

Recommended Mitigation

The `GivingThanks::donate` function should use the `_safeMint` function provided by OpenZeppelin's ERC-721 contract, which the `GivingThanks` contract inherits.

function donate(address charity) public payable {
require(registry.isVerified(charity), "Charity not verified");
(bool sent,) = charity.call{value: msg.value}("");
require(sent, "Failed to send Ether");
+ _safeMint(msg.sender, tokenCounter);
- _mint(msg.sender, tokenCounter);
...
}
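
Review bot: the `+ _safeMint(msg.sender, tokenCounter);` line hands control to the caller's `onERC721Received` hook whenever `msg.sender` is a contract, and it does so before the statements elided by `...` have run. Any state updated in that elided part, such as the counter passed in as `tokenCounter`, should be updated before the mint, or `donate` should carry a reentrancy guard, so that a re-entrant call to `donate` from the hook cannot observe stale state.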

Additionally, the `GivingThanks::donate` function should be prepared for `_safeMint` to revert when the caller cannot receive the ERC-721 token.
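
The Foundry test below illustrates the difference between the two mint paths; it is an added example, not code from the submission or the GivingThanks repository. `ReceiptToken` and `PlainDonor` are hypothetical stand-ins, and the import paths assume forge-std and OpenZeppelin Contracts are installed with the usual remappings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical stand-in for the receipt token; only the mint call differs between the two paths.
contract ReceiptToken is ERC721 {
    uint256 public tokenCounter;

    constructor() ERC721("Receipt", "RCPT") {}

    function mintPlain() external returns (uint256 id) {
        id = tokenCounter++;
        _mint(msg.sender, id); // no onERC721Received call on the recipient
    }

    function mintSafe() external returns (uint256 id) {
        id = tokenCounter++;
        _safeMint(msg.sender, id); // calls onERC721Received when msg.sender is a contract
    }
}

// Hypothetical donor contract with no onERC721Received hook and no transfer logic.
contract PlainDonor {
    function viaMint(ReceiptToken t) external returns (uint256) { return t.mintPlain(); }
    function viaSafeMint(ReceiptToken t) external returns (uint256) { return t.mintSafe(); }
}

contract MintVsSafeMintTest is Test {
    ReceiptToken token = new ReceiptToken();
    PlainDonor donor = new PlainDonor();

    function test_mintSucceedsForContractWithoutReceiver() public {
        uint256 id = donor.viaMint(token);
        // The receipt now belongs to a contract that has no code path to transfer or approve it.
        assertEq(token.ownerOf(id), address(donor));
    }

    function test_safeMintRevertsForContractWithoutReceiver() public {
        vm.expectRevert(); // revert data differs between OpenZeppelin major versions
        donor.viaSafeMint(token);
    }
}
```

With `_safeMint`, the whole call reverts for such a caller, which is the case `donate` has to be prepared for.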

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
