Weather Witness

First Flight #40
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

[L-2] Missing Use Of `_safeMint` in `WeatherNft::fulfillMintRequest` Function.

Author Revealed upon completion

Root + Impact

[L-2] Missing Use Of `_safeMint` in `WeatherNft::fulfillMintRequest` Function.

Description

The `WeatherNft` contract uses the `_mint` function to mint NFTs. However,
`_safeMint` should be used instead of just the `_mint` function, to ensure
more security. Without `_safeMint`, NFTs can get locked permanently in a contract
which does not support receiving them.

Impact:

1. NFTs can get locked in a contract permanently if there is no receiving support.

2. Non-compliance with ERC721 standards.

Proof of Concept

The attacker deploys an attack contract which does not implement the `IERC721Receiver` interface,
and calls the mint function using the attack contract as the `msg.sender`.

Recommended Mitigation

Use `_safeMint` instead of `_mint`:

- _mint(msg.sender, tokenId);
+ _safeMint(msg.sender,tokenId);
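
Review bot: on the added `_safeMint(msg.sender,tokenId);` line, the mint now makes an external call to `onERC721Received` whenever `msg.sender` is a contract, and nothing in this hunk moves state updates ahead of it or adds a reentrancy guard. Suggest pairing the change with `nonReentrant` on the enclosing function, or placing the mint after all state writes, and adding the space after the comma to match the removed line.
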
Updates

Appeal created

bube Lead Judge 2 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Use of `_mint` instead of `_safeMint`

The `fulfillMintRequest` function is external and anyone can call it. If the protocol uses `_safeMint` instead of `_mint`, this introduces a reentrancy risk. It is better to use `_mint` and the caller is responsible for being able to obtain the token.
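
The reentrancy concern in the judge's comment, shown as an added example that is not the WeatherNft source: a hypothetical contract (`SafeMintOrdering`, `pendingRequest`, `requestMint`, `fulfillRisky` and `fulfillGuarded` are invented names) with a risky `_safeMint` ordering beside a hardened one. It assumes OpenZeppelin Contracts v5 import paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical contract for illustration only; not the WeatherNft code.
contract SafeMintOrdering is ERC721, ReentrancyGuard {
    uint256 public tokenCounter;
    // request id => address that made the request (zero once fulfilled)
    mapping(bytes32 => address) public pendingRequest;

    constructor() ERC721("Example", "EXM") {}

    function requestMint() external returns (bytes32 reqId) {
        reqId = keccak256(abi.encode(msg.sender, block.number, tokenCounter));
        pendingRequest[reqId] = msg.sender;
    }

    // Risky ordering: _safeMint calls onERC721Received on a contract
    // recipient while pendingRequest[reqId] is still set, so a re-entrant
    // call passes the check again and one request yields two tokens.
    function fulfillRisky(bytes32 reqId) external {
        require(pendingRequest[reqId] == msg.sender, "not requester");
        uint256 tokenId = ++tokenCounter;
        _safeMint(msg.sender, tokenId); // external call happens here
        delete pendingRequest[reqId];   // effect applied too late
    }

    // Hardened: checks, then effects, then the interaction, with a
    // reentrancy guard as a second layer.
    function fulfillGuarded(bytes32 reqId) external nonReentrant {
        require(pendingRequest[reqId] == msg.sender, "not requester");
        delete pendingRequest[reqId];   // request consumed before any callback
        uint256 tokenId = ++tokenCounter;
        _safeMint(msg.sender, tokenId); // callback can no longer reuse reqId
    }
}
```

With plain `_mint` there is no recipient callback, which is why the ordering in `fulfillRisky` only becomes exploitable once `_safeMint` is introduced.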
