Weather Witness

First Flight #40
Beginner Friendly · Foundry · Solidity · NFT
100 EXP
Submission Details
Impact: high
Likelihood: low
Invalid

Unsafe `ERC721::_mint()`

Root + Impact

Description

The standard way to mint ERC721 tokens is `_safeMint()`, which checks that a contract recipient is able to handle ERC721 tokens, i.e. that it implements `onERC721Received()`.

The current implementation calls `_mint()` directly, which bypasses this check. Tokens can therefore be minted to contracts that cannot handle them, and those NFTs are then permanently lost.

```solidity
// Root cause in the codebase with @> marks to highlight the relevant section
156: @>_mint<@(msg.sender, tokenId);
```

Risk

Likelihood:

  • This occurs whenever `fulfillMintRequest()` is called from a contract that does not implement `onERC721Received()`.

  • This is more likely in production, where dApps or automated agents interact with the contract.

Impact:

  • The token is minted to a contract that cannot receive ERC721s.

  • The NFT might become inaccessible and permanently locked.

Proof of Concept

None

Recommended Mitigation

```diff
- _mint(msg.sender, tokenId);
+ _safeMint(msg.sender, tokenId);
```
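Review bot: `_safeMint` calls the recipient's `onERC721Received` before it returns, so this one-line swap adds an external call inside `fulfillMintRequest`, which is externally callable; the suggestion should also say that any request-state updates (e.g. marking the mint request fulfilled) must happen before the `_safeMint` call, or that the function be guarded against reentrancy, otherwise the fix trades a stuck-token risk for a reentrancy one.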

Using `_safeMint()` ensures the recipient can receive the token and prevents accidental loss of NFTs.
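As an added illustration (not code from the Weather Witness repository or from this submission), the following Foundry test contrasts the two mint paths on a hypothetical minter. It assumes OpenZeppelin Contracts v5 and forge-std are available through the project's remappings; the contract names, the `fulfilled` mapping and the request ids are made up for the example. It also shows the effects-before-interaction ordering and `nonReentrant` guard that keep the `onERC721Received` callback from re-entering the fulfill function, which is the price of moving from `_mint()` to `_safeMint()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; assumes OpenZeppelin Contracts v5 and forge-std via remappings.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {Test} from "forge-std/Test.sol";

/// Hypothetical minter that mirrors an externally callable fulfill function.
contract DemoWeatherMinter is ERC721, ReentrancyGuard {
    uint256 private _nextTokenId;
    /// Hypothetical per-request state; the real contract's bookkeeping differs.
    mapping(uint256 => bool) public fulfilled;

    constructor() ERC721("Demo", "DEMO") {}

    /// Unsafe path: `_mint` never asks the recipient whether it can hold the token.
    function mintUnsafe(address to) external returns (uint256 tokenId) {
        tokenId = _nextTokenId++;
        _mint(to, tokenId);
    }

    /// Safer path: write request state first, then `_safeMint` under a guard,
    /// so the recipient's onERC721Received callback cannot fulfil the same
    /// request twice by re-entering this function.
    function fulfillSafe(uint256 requestId) external nonReentrant returns (uint256 tokenId) {
        require(!fulfilled[requestId], "already fulfilled");
        fulfilled[requestId] = true;      // effect before the external interaction
        tokenId = _nextTokenId++;
        _safeMint(msg.sender, tokenId);   // interaction last; reverts for non-receivers
    }
}

/// A contract with no onERC721Received: anything minted to it with `_mint` is stuck.
contract NoReceiver {}

contract MintPathTest is Test {
    DemoWeatherMinter internal minter;
    NoReceiver internal sink;

    function setUp() public {
        minter = new DemoWeatherMinter();
        sink = new NoReceiver();
    }

    /// `_mint` succeeds, but the owner is a contract that can never transfer the token.
    function test_unsafeMintStrandsToken() public {
        uint256 id = minter.mintUnsafe(address(sink));
        assertEq(minter.ownerOf(id), address(sink));
    }

    /// `_safeMint` refuses the same recipient, so the token is never stranded.
    function test_safeMintRevertsForNonReceiver() public {
        vm.prank(address(sink));
        vm.expectRevert();
        minter.fulfillSafe(1);
    }

    /// An EOA-style caller (the test contract would need a receiver, so use a prank
    /// address with no code) gets its token and the request is marked fulfilled.
    function test_safeMintToEoaSucceedsOnce() public {
        address user = address(0xBEEF);
        vm.prank(user);
        uint256 id = minter.fulfillSafe(7);
        assertEq(minter.ownerOf(id), user);
        assertTrue(minter.fulfilled(7));
        vm.prank(user);
        vm.expectRevert(bytes("already fulfilled"));
        minter.fulfillSafe(7);
    }
}
```

Run with `forge test`. The first test is the failure mode described above: `_mint` completes and `ownerOf` reports the non-receiving contract, yet nothing can ever move that token. The second test shows `_safeMint` rejecting that recipient up front. The third test is the part that the one-line diff alone does not cover: because `fulfilled[requestId]` is set before `_safeMint` and the function is `nonReentrant`, a recipient's callback cannot re-enter and claim a second token for the same request.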

Updates

Appeal created

bube Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Use of `_mint` instead of `_safeMint`

The `fulfillMintRequest` function is external and anyone can call it. If the protocol uses `_safeMint` instead of `_mint`, this introduces a reentrancy risk. It is better to use `_mint` and the caller is responsible for being able to obtain the token.
