The mintEgg function in EggstravaganzaNFT uses _mint instead of _safeMint, which may result in NFTs being irretrievably sent to contracts that are not capable of handling ERC721 tokens.
_mint does not check whether the recipient (to) is a contract that can handle NFTs. If the recipient is a contract that does not implement onERC721Received, the NFT will be stuck and cannot be retrieved, resulting in a loss of ownership.
Using _safeMint adds a safety check: if the recipient is a contract, it must correctly implement the IERC721Receiver interface; otherwise the mint fails, which prevents accidental loss.
NFTs can be minted to incompatible contracts and get permanently stuck.
Manual code review.
Replace _mint with _safeMint in the mintEgg function.
Protocol doesn't check if recipient contracts can handle ERC721 tokens
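The recommended fix as an added sketch, not the project's own code. It assumes OpenZeppelin's ERC721; the contract names, the mintEgg variants and their signatures are hypothetical, and access control is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical stand-in for EggstravaganzaNFT (access control omitted).
contract EggSketch is ERC721 {
    constructor() ERC721("EggSketch", "EGG") {}

    // Before: no receiver check. Minting to a contract that lacks
    // onERC721Received succeeds and the token stays stuck at that address.
    function mintEggUnchecked(address to, uint256 tokenId) external {
        _mint(to, tokenId);
    }

    // After: when `to` has code, _safeMint calls to.onERC721Received(...)
    // and reverts unless the IERC721Receiver selector comes back.
    // _safeMint hands control to `to`, so any state updates belong before
    // this call, or the function needs a reentrancy guard.
    function mintEggChecked(address to, uint256 tokenId) external {
        _safeMint(to, tokenId);
    }
}

// Constructed recipient with no ERC721 support:
// mintEggUnchecked succeeds, mintEggChecked reverts.
contract PlainVault {}

// Constructed recipient that opts in to receiving ERC721 tokens:
// both mint paths succeed.
contract EggVault is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external
        pure
        override
        returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```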