In a few cases, ERC1155 coupons are minted or unwrapped and sent to the user. The practicality and utility of their ERC20-wrapped counterparts can be argued to be better, especially considering how it’s traded on Clober markets.
Furthermore, it’s more secure as it avoids handing over flow control to the recipient by not invoking the onERC1155BatchReceived() when mintBatch() is called.
Mitigation
Send wrapped ERC20 coupons instead of the unwrapped ERC1155 version.
Details
In a few cases, ERC1155 coupons are minted or unwrapped and sent to the user. The practicality and utility of their ERC20-wrapped counterparts can be argued to be better, especially considering how it’s traded on Clober markets. Furthermore, it’s more secure as it avoids handing over flow control to the recipient by not invoking the
onERC1155BatchReceived()whenmintBatch()is called.Mitigation
Send wrapped ERC20 coupons instead of the unwrapped ERC1155 version.