GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Use `ERC721::_safeMint()` instead of `_mint()`

Summary

The `donate` function in the GivingThanks contract could lose an ERC721 token if the recipient doesn't follow the ERC721 standard.

Vulnerability Details

`GivingThanks::donate` calls `_mint`, which could lead to an un-received ERC721 token. The `donate` function mints an ERC721 token to the donor using `_mint`, which does not check whether the recipient can receive it. If the recipient's wallet does not implement the ERC721 wallet interface correctly, the token may be lost.

Impact

This issue could result in:

  • Donors losing their ERC721 tokens representing their donations.

  • Decreased user trust in the platform due to potential loss of assets.

  • Negative impact on the platform's reputation.

Tools Used

Manual review

Recommendations

`GivingThanks::donate` calls `_mint`, which could lead to an un-received ERC721 token. To mitigate this risk, replace `_mint` with `_safeMint` in the `donate` function. This ensures that the recipient can correctly receive the ERC721 token, preventing potential loss.
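The difference between the two mint paths, as an added Foundry test that is not code from the GivingThanks repository or from this submission. `ReceiptToken`, `PlainDonor` and their function names are hypothetical stand-ins, and the test assumes OpenZeppelin Contracts and forge-std are installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical stand-in for the minting step of GivingThanks::donate.
contract ReceiptToken is ERC721 {
    uint256 public tokenCounter;
    constructor() ERC721("Receipt", "RCPT") {}

    // Path before the fix: no check on the recipient.
    function mintPlain() external {
        _mint(msg.sender, tokenCounter++);
    }

    // Path after the fix: calls onERC721Received when the recipient is a contract.
    function mintSafe() external {
        _safeMint(msg.sender, tokenCounter++);
    }
}

// Constructed donor contract: no onERC721Received and no transfer or approve
// logic, so a token minted to it can never be moved again.
contract PlainDonor {
    function donatePlain(ReceiptToken t) external { t.mintPlain(); }
    function donateSafe(ReceiptToken t) external { t.mintSafe(); }
}

contract MintVsSafeMintTest is Test {
    ReceiptToken token = new ReceiptToken();
    PlainDonor donor = new PlainDonor();

    function test_mint_succeeds_and_token_is_stuck() public {
        donor.donatePlain(token);
        assertEq(token.ownerOf(0), address(donor));
    }

    function test_safeMint_reverts_for_non_receiver() public {
        vm.expectRevert(); // bare form: the revert data differs between OpenZeppelin versions
        donor.donateSafe(token);
        assertEq(token.balanceOf(address(donor)), 0);
    }

    function test_safeMint_unchanged_for_eoa() public {
        vm.prank(address(0xBEEF)); // constructed address with no code
        token.mintSafe();
        assertEq(token.ownerOf(0), address(0xBEEF));
    }
}
```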

Diff:

(bool sent,) = charity.call{value: msg.value}("");
require(sent, "Failed to send Ether");
- _mint(msg.sender, tokenCounter);
+ _safeMint(msg.sender, tokenCounter);
//@audit-issue _mint function does not implement checks if user received ERC721 token
// Create metadata for the tokenURI
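Review bot: `_safeMint(msg.sender, tokenCounter)` makes an external call to `msg.sender` (the `onERC721Received` hook) when the caller is a contract, and in this hunk it runs before the metadata creation that the trailing comment introduces, so the callback executes while that state is still unwritten. Move the `_safeMint` call to the end of `donate`, after the token URI and any other state updates, or protect `donate` with a reentrancy guard. Separately, the `//@audit-issue` line is an audit annotation describing the removed `_mint` call and should be dropped from the patch.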
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
