[L-2] Missing Use Of _Safemint in ```WeatherNft::fulfillMintRequest``` Function.
Root + Impact
[L-2] Missing Use Of _Safemint in WeatherNft::fulfillMintRequest Function.
Description
The WeatherNft Contract uses _mint Function To mint NFTS.However,
_safemint should be used instead of just _mint function,to ensure
more security.Without _safemint nfts can get locked permanently in contract
which does not support receiving Them.
Impact:
1.NFTS can get locked in contract permanently,if there is no receiving support.
2.NON-Compliance with ERC721 Standards.
Proof of Concept
Attacker deploys attack contract which does not implement IERC721Receiver interface ,
and calls the mint function using attack contract as the msg.sender.
Recommended Mitigation
Use _safemint instead of _mint:
Appeal created
[Invalid] Use of `_mint` istead of `_safeMint`
The `fulfillMintRequest` function is external and anyone can call it. If the protocol uses `_safeMint` instead of `_mint`, this introduces a reentrancy risk. It is better to use `_mint` and the caller is responsible for being able to obtain the token.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.