The mintEgg function allows the game contract to mint new NFT eggs by calling the internal _mint function of the ERC721 implementation. However, it uses _mint instead of _safeMint, so an NFT can be sent to a contract that does not know how to handle it. The NFT then becomes stuck and is permanently lost if the receiving contract does not implement the onERC721Received hook.
Because the function accepts any recipient, including smart contracts, and performs no check that the recipient can handle ERC721 tokens, an egg minted to a contract that does not implement onERC721Received is locked forever: that contract has no code path to transfer or otherwise interact with the token. This is especially risky if the game or vault interacts with other contracts.
NFTs can be permanently lost if minted to a smart contract that can't handle them.
Players or vault systems could lose assets due to the improper use of _mint.
This results in poor user experience and asset mismanagement.
Manual review
Replace _mint with _safeMint in the mintEgg function to ensure that tokens are only minted to addresses that can receive and manage NFTs.
Protocol doesn't check if recipient contracts can handle ERC721 tokens
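The vulnerable pattern next to the recommended fix, as an added illustration (not the audited protocol's code). EggNFT, mintEggSafe, gameContract, EggVault and NoHookVault are hypothetical names; the OpenZeppelin ERC721 and IERC721Receiver contracts are assumed to be available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical egg NFT: mintEgg mirrors the reported pattern, mintEggSafe
// is the fix. gameContract is an assumed name for the only permitted minter.
contract EggNFT is ERC721 {
    address public immutable gameContract;
    uint256 public nextId;

    constructor(address game) ERC721("Egg", "EGG") {
        gameContract = game;
    }

    modifier onlyGame() {
        require(msg.sender == gameContract, "not game");
        _;
    }

    // Vulnerable: _mint does no receiver check, so a contract without
    // onERC721Received silently receives a token it can never move.
    function mintEgg(address to) external onlyGame returns (uint256 id) {
        id = nextId++;
        _mint(to, id);
    }

    // Fixed: _safeMint reverts unless `to` is an EOA or a contract whose
    // onERC721Received returns IERC721Receiver.onERC721Received.selector.
    // The hook is an external call into the recipient, so state updates
    // (nextId) are completed before it runs.
    function mintEggSafe(address to) external onlyGame returns (uint256 id) {
        id = nextId++;
        _safeMint(to, id);
    }
}

// Vault that implements the hook: both mintEgg and mintEggSafe succeed.
contract EggVault is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}

// Vault without the hook: mintEgg strands the egg here, mintEggSafe reverts.
contract NoHookVault {}
```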