GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Use of `_mint` instead of `_safeMint` for ERC721 Tokens can Lead to Loss of Receipts.

[M-1] Use of _mint instead of _safeMint for ERC721 Tokens can Lead to Loss of Receipts.

Relevant Github Link: https://github.com/Cyfrin/2024-11-giving-thanks/blob/304812abfc16df934249ecd4cd8dea38568a625d/src/GivingThanks.sol#L26

Description: The unique NFT issued to donors after a donation is minted using _mint, which does not check whether the recipient is capable of receiving ERC721 tokens.

In the GivingThanks::donate function, line 26:

@> _mint(msg.sender, tokenCounter);

Impact:

  1. Potential Token Loss: If tokens are minted after a donation to an address that does not implement the onERC721Received function, they could become permanently locked, leading to loss of the token and of the receipt used to commemorate the contribution.

  2. Compliance with ERC721 Standard: The ERC721 standard recommends using _safeMint to ensure safe transfers to contracts.

Recommended Mitigation:

  1. Use _safeMint instead of _mint to include safety checks.

  2. Handle Potential Reverts: Be prepared for the possibility that _safeMint may revert if the recipient cannot handle ERC721 tokens.

  3. Inform Users: Clearly communicate to donors that their addresses must be capable of receiving ERC721 tokens, especially if they are using smart contract wallets.
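The difference between the two mint paths, as an added example that is not code from the GivingThanks repository or from the submission. ReceiptDemo, PlainDonor and AwareDonor are hypothetical names, and the imports assume OpenZeppelin Contracts is installed in the Foundry project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical receipt contract (not GivingThanks itself) exposing both mint paths.
contract ReceiptDemo is ERC721 {
    uint256 public tokenCounter;

    constructor() ERC721("ReceiptDemo", "RCPT") {}

    // Mirrors the flagged pattern: no receiver check is performed.
    function donateUnchecked() external {
        uint256 id = tokenCounter++;
        _mint(msg.sender, id);
    }

    // Mitigation: reverts unless a contract recipient returns the
    // onERC721Received selector. The counter is updated before the mint
    // because _safeMint makes an external call to the recipient.
    function donateChecked() external {
        uint256 id = tokenCounter++;
        _safeMint(msg.sender, id);
    }
}

// Contract wallet with no ERC721 support and no function to move a token:
// donate(r, false) succeeds and the receipt is stuck here,
// donate(r, true) reverts, so the whole donation is rolled back.
contract PlainDonor {
    function donate(ReceiptDemo r, bool checked) external {
        if (checked) r.donateChecked(); else r.donateUnchecked();
    }
}

// Contract wallet that opts in to receiving ERC721 tokens,
// so the _safeMint path completes.
contract AwareDonor is IERC721Receiver {
    function donate(ReceiptDemo r) external { r.donateChecked(); }

    function onERC721Received(address, address, uint256, bytes calldata)
        external pure returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

Externally owned accounts are unaffected by either path, since the receiver check only runs when the recipient address has code.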

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
