ERC721::_mint() can be dangerous if the receiver is a smart contract that doesn't support ERC721 tokens
The use of ERC721::_mint() in the WeatherNft::fulfillMintRequest function can lead to issues if the recipient address is a smart contract that does not implement the IERC721Receiver interface. Since _mint() does not check whether the recipient can handle ERC721 tokens, it may result in tokens being irreversibly locked in contracts that are not capable of receiving them. This poses a risk of permanently stuck NFTs and loss of functionality for users interacting via contracts.
Likelihood:
If only externally owned accounts (EOAs) interact, _mint() will generally work fine.
When the contract can't control who the recipient is, there's a high chance the recipient could be a contract that doesn’t handle ERC721 tokens properly.
Impact:
NFTs may be permanently lost or inaccessible if minted to contracts that are not ERC721-compatible.
Recommended Mitigation
Use _safeMint() instead of _mint() to ensure that the receiving address can handle ERC721 tokens. _safeMint() performs a check and reverts the transaction if the recipient is a non-compliant contract.
The `fulfillMintRequest` function is external and anyone can call it. If the protocol uses `_safeMint` instead of `_mint`, this introduces a reentrancy risk. It is better to use `_mint` and the caller is responsible for being able to obtain the token.
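The trade-off raised above, as an added example that is not the WeatherNft source: a hypothetical contract whose fulfill function uses `_safeMint` while limiting the reentrancy surface by consuming the request before the external call and applying `nonReentrant`. The contract name, storage layout, errors and `requestMint` are assumptions, as are the OpenZeppelin Contracts v5.x import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x import paths.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical contract for illustration; not the audited code.
contract RequestMintExample is ERC721, ReentrancyGuard {
    mapping(uint256 => address) private s_pendingRecipient; // requestId => recipient
    uint256 private s_requestCount;
    uint256 private s_nextTokenId;

    error NoPendingRequest(uint256 requestId);
    error ZeroRecipient();

    constructor() ERC721("Example", "EX") {}

    // Records a mint request that anyone may later fulfill.
    function requestMint(address recipient) external returns (uint256 requestId) {
        if (recipient == address(0)) revert ZeroRecipient();
        requestId = ++s_requestCount;
        s_pendingRecipient[requestId] = recipient;
    }

    // External and callable by anyone, like the function discussed above.
    function fulfillMintRequest(uint256 requestId) external nonReentrant {
        address recipient = s_pendingRecipient[requestId];
        if (recipient == address(0)) revert NoPendingRequest(requestId);

        // Effects first: consume the request and reserve the token id
        // before any external call, so a reentrant call finds nothing pending.
        delete s_pendingRecipient[requestId];
        uint256 tokenId = s_nextTokenId++;

        // Interaction last: for contract recipients _safeMint calls
        // onERC721Received and reverts unless the expected selector is returned.
        // A revert rolls back the state changes above, so the request stays
        // pending and cannot be fulfilled for a non-compliant recipient.
        _safeMint(recipient, tokenId);
    }
}
```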