GivingThanks

First Flight #28
Beginner Friendly, Foundry
Submission Details
Severity: low
Invalid

Use of `_mint` Instead of `_safeMint` in `GivingThanks::donate` Function

Summary

The GivingThanks::donate function in the contract uses the _mint function to create ERC721 tokens and assign them to the caller (msg.sender). However, _mint does not verify whether the recipient can safely receive ERC721 tokens, potentially leading to a loss of tokens if the recipient is a contract that does not implement the onERC721Received function, as required by the ERC721 standard.

Vulnerability Details

• The donate function is designed to mint a new ERC721 token for the caller after a donation is successfully processed.
• The function uses _mint, which does not check if the recipient is capable of handling ERC721 tokens. If msg.sender is a contract that does not implement the onERC721Received interface, the token may be permanently locked in the recipient contract.
• This behavior deviates from the ERC721 standard, which recommends the use of _safeMint to ensure that tokens are transferred safely, especially when interacting with contracts.

Impact

If msg.sender is a contract that lacks the onERC721Received interface, minted tokens may become permanently inaccessible, leading to potential economic loss.

Tools Used

Foundry, Remix

Recommendations

Use `_safeMint` instead of `_mint` in `GivingThanks::donate` so that the mint reverts when the recipient is a contract that does not implement `onERC721Received`, ensuring tokens are minted only to addresses capable of handling ERC721 tokens.
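The following Foundry test is an added example, not the project's code: it uses a constructed stand-in contract (assumed names `DonationNFT`, `NaiveDonor`, OpenZeppelin's `ERC721` and forge-std) to show the behaviour described above, where `_mint` silently hands a token to a contract with no `onERC721Received` while `_safeMint` reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Constructed stand-in for GivingThanks (not the project's code) with both donate variants.
contract DonationNFT is ERC721 {
    uint256 public nextId;
    constructor() ERC721("DonationNFT", "DNFT") {}

    // Vulnerable: _mint performs no receiver check.
    function donateUnsafe() external payable {
        _mint(msg.sender, nextId++);
    }

    // Hardened: _safeMint reverts when msg.sender is a contract lacking onERC721Received.
    function donateSafe() external payable {
        _safeMint(msg.sender, nextId++);
    }
}

// Donor contract with no onERC721Received and no function to move tokens out.
contract NaiveDonor {
    function donate(DonationNFT nft, bool safe) external payable {
        if (safe) nft.donateSafe{value: msg.value}();
        else nft.donateUnsafe{value: msg.value}();
    }
}

contract MintVsSafeMintTest is Test {
    DonationNFT nft;
    NaiveDonor donor;

    function setUp() public {
        nft = new DonationNFT();
        donor = new NaiveDonor();
        vm.deal(address(this), 10 ether);
    }

    function test_unsafeMintLocksToken() public {
        donor.donate{value: 1 ether}(nft, false);
        // Mint succeeded, but the token is owned by a contract that can never transfer it.
        assertEq(nft.ownerOf(0), address(donor));
    }

    function test_safeMintRevertsForNonReceiver() public {
        vm.expectRevert();
        donor.donate{value: 1 ether}(nft, true);
    }
}
```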

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
