code-423n4 / 2022-01-dev-test-repo-findings


`_safeMint()` should be used rather than `_mint()` wherever possible #374

Open code423n4 opened 7 months ago

code423n4 commented 7 months ago

Lines of code


139, 178, 204

Vulnerability details


`_mint()` is discouraged in favor of `_safeMint()`, which ensures that the recipient is either an EOA or implements `IERC721Receiver`. Both OpenZeppelin and solmate have versions of this function. In the cases below, `_mint()` does not call `ERC721TokenReceiver.onERC721Received()` on the recipient.

File: contracts/YieldBox.sol

```solidity
139:         _mint(to, assetId, share);

178:         _mint(to, assetId, 1);

204:         _mint(to, assetId, share);
```

Assessed type


other
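
The receiver check the finding refers to, shown as an added example that is not part of the original finding and is not YieldBox code. It assumes an ERC-721-style token as named in the finding; `MiniNFT`, its `mint` entry point and the revert strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Receiver interface as defined by ERC-721.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Hypothetical, stripped-down token used only to contrast the two mint paths.
contract MiniNFT {
    mapping(uint256 => address) public ownerOf;
    mapping(address => uint256) public balanceOf;
    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    // Plain mint: records ownership and never asks the recipient anything.
    // A contract with no code path to move the token can still become its owner.
    function _mint(address to, uint256 tokenId) internal {
        require(to != address(0), "mint to zero address");
        require(ownerOf[tokenId] == address(0), "already minted");
        balanceOf[to] += 1;
        ownerOf[tokenId] = to;
        emit Transfer(address(0), to, tokenId);
    }

    // Safe mint: same bookkeeping, then the receiver check.
    // The callback is an external call, so all state is written before it runs.
    function _safeMint(address to, uint256 tokenId, bytes memory data) internal {
        _mint(to, tokenId);
        if (to.code.length > 0) {
            // Contract recipient: must return the magic selector or the mint reverts.
            try IERC721Receiver(to).onERC721Received(msg.sender, address(0), tokenId, data) returns (bytes4 ret) {
                require(ret == IERC721Receiver.onERC721Received.selector, "receiver rejected token");
            } catch {
                revert("recipient is not an ERC721 receiver");
            }
        }
        // Recipient without code (EOA): nothing to call, the mint stands.
    }

    // Demo entry point only; a real contract would restrict who may mint.
    function mint(address to, uint256 tokenId) external { _safeMint(to, tokenId, ""); }
}
```

Because `_safeMint()` hands control to the recipient, callers should finish their own state updates before invoking it or guard the calling function against reentrancy.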