Unsafe ERC721 token minting in function `WeatherNft::fulfillMintRequest()`
Root + Impact
Unsafe ERC721 token minting in function WeatherNft::fulfillMintRequest() could lead to a token loss
Description
The WeatherNft contract is minting ERC721 tokens in an unsafe manner. The contract uses the _mint() function, which does not check whether the to address is capable of handling ERC721 tokens. In case to is a smart contract, not implementing onERC721Received, the NFT will be locked permanently in the contract.
Risk
Likelihood: Medium
Impact:
Token loss: minted NFT could be send to a smart contract, not handling properly ERC721 tokens and lead to a permanent token loss
Proof of Concept
Recommended Mitigation
Use _safeMint() instead of _mint() in function WeatherNft::fulfillMintRequest()
This ensures that smart contracts receiving NFTs can handle them, preventing token loss.
Appeal created
[Invalid] Use of `_mint` istead of `_safeMint`
The `fulfillMintRequest` function is external and anyone can call it. If the protocol uses `_safeMint` instead of `_mint`, this introduces a reentrancy risk. It is better to use `_mint` and the caller is responsible for being able to obtain the token.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.