search

code-423n4 / 2021-09-sushitrident-2-findings

0 stars 0 forks source link

`TridentNFT._mint` can mint to zero address #46

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

The TridentNFT._mint_ function allows minting to the zero address.

Impact

As existence of an NFT is checked by ownerOf[tokenId] != address(0), minting to the zero address should be disallowed. The same tokenId can be minted several times to the zero address, increasing balanceOf[0] each time.

Recommended Mitigation Steps

Add a check for recipient != address(0).

sarangparikh22 commented 3 years ago

Avoided this check for gas golfing