Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Use _safeMint instead _mint

sovaslava

Summary

Function mintEgg() call internal functoin _mint, which does not check, if receiver(if it is contract) ready to accept nft and coult work with it.

Vulnerability Details

_mint function from OZ library does not check, if receiver address could work with nft. For this puprose there is _safeMint function in OZ library, that has check it.

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/d183d9b07a6cb0772ff52aa4e3e40165e99d6359/contracts/token/ERC721/ERC721.sol#L309C1-L316C6

/**
* @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is
* forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
*/
function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual {
_mint(to, tokenId);
ERC721Utils.checkOnERC721Received(_msgSender(), address(0), to, tokenId, data);
}

Impact

If user use contract for play in the game and his contract does not ready to receive nft from the game, nft could permamently lost in contract and user could not receive it on his own address.

Tools Used

Manual review

Recommendations

Use safeMint function from OZ library instead _mint

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Unsafe ERC721 Minting

Protocol doesn't check if recipient contracts can handle ERC721 tokens

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.