Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Unsafe NFT Minting In EggstravaganzaNFT.sol::mintEgg()

0xalipede

Summary

The Eggstravaganza NFT contract currently uses _mint instead of _safeMint when minting NFTs. This can lead to NFTs being permanently locked if minted to a contract that cannot handle NFTs properly and does not implement onERC721Received. The issue affects the EggHuntGame contract, which mints NFTs to players who successfully find eggs.

Vulnerability Details

Affected code:

The mintEgg function in EggstravaganzaNFT is implemented as follows:

function mintEgg(address to, uint256 tokenId) external returns (bool) {
require(msg.sender == gameContract, "Unauthorized minter");
_mint(to, tokenId);
totalSupply += 1;
return true;
}

This function uses _mint, which does not check whether the to address is capable of handling ERC721 tokens. If to is a smart contract that does not implement onERC721Received, the NFT will be stuck in the contract with no way to transfer or burn it if the contract lacks such functionality.

Impact

If an NFT is minted to a contract that cannot handle it properly, it will be locked permanently.

Tools Used

  • Manual review

Recommendations

Use _safeMint Instead of _mint:

function mintEgg(address to, uint256 tokenId) external returns (bool) {
require(msg.sender == gameContract, "Unauthorized minter");
- _mint(to, tokenId);
+ _safeMint(to, tokenId);
totalSupply += 1;
return true;
}

This ensures that smart contracts receiving NFTs can handle them, preventing asset loss.

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unsafe ERC721 Minting

Protocol doesn't check if recipient contracts can handle ERC721 tokens

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.