_mint inside of eggMint() can lead to lost NFT's
Summary
Using "mint" rather than _"_safeMint" can lead to minting egg NFT's to contracts that aren't set up to handle ERC-721 tokens.
Vulnerability Details
Inside of the 'eggMint()' function in the EggstravaganzaNFT.sol contract, the minting is done with the call to "mint". This doesn't do a check if the receiving contract is equipped to receive and manage ERC-721 tokens.
This could lead to lost NFT's as the receiver won't be able to get them. A better method would be to use "_safeMint" instead, which will do a check on the receiving contract to see if they have implemented the onERC721Received interface, lessening the chance of sending NFT's to an incompatible receiver.
Impact
Minted NFT's that will be wasted as they can't be handled by the receiver.
Tools Used
Manual review.
Recommendations
Inside of the eggMint() function in the EggstravaganzaNFT.sol contract, change "_mint_"_ to "_safeMint" so the full function looks like:
Lead Judging Commences
Unsafe ERC721 Minting
Protocol doesn't check if recipient contracts can handle ERC721 tokens
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.