code-423n4 / 2022-06-putty-findings


Upgraded Q -> M from 390 [1657876451641] #444

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #390 as Medium risk. The relevant finding follows:

HickupHH3 commented 2 years ago

1.3. _safeMint() should be used rather than _mint() wherever possible

_mint() is discouraged in favor of _safeMint(), which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function so that NFTs aren't lost if they're minted to contracts that cannot transfer them back out.

PuttyV2.sol:44: import "solmate/tokens/ERC721.sol";
PuttyV2.sol:337: _mint(order.maker, uint256(orderHash));
PuttyV2.sol:342: _mint(msg.sender, positionId);

Be careful, however, to respect the CEI pattern or add a re-entrancy guard, as _safeMint adds a callback check (_checkOnERC721Received) and a malicious onERC721Received could be exploited if not careful. The CEI pattern is already well respected in the solution.

dup of #327
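To illustrate the recommendation above, the following is an added example (not PuttyV2's own code, and not part of the finding): a hypothetical `PositionNFT` built on solmate's `ERC721`, with `mintUnsafe` showing the `_mint` anti-pattern, `mintSafe` showing effects-before-interaction plus a `nonReentrant` guard around `_safeMint`, and a `Holder` contract that implements the receiver hook so the mint succeeds. The `filled` mapping and the function names are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import "solmate/tokens/ERC721.sol";
import "solmate/utils/ReentrancyGuard.sol";

/// Hypothetical minimal position NFT (not PuttyV2 itself) showing the pattern
/// the finding recommends: update state first (CEI), then _safeMint, with a
/// reentrancy guard because _safeMint calls back into contract recipients.
contract PositionNFT is ERC721, ReentrancyGuard {
    mapping(uint256 => bool) public filled; // constructed state for the example
    uint256 private nextId;

    constructor() ERC721("Position", "POS") {}

    /// Anti-pattern from the finding: _mint never checks the recipient, so a
    /// contract that cannot call transferFrom permanently strands the token.
    function mintUnsafe(address to) external returns (uint256 id) {
        id = ++nextId;
        _mint(to, id);
    }

    /// Recommended: all effects before the interaction, then _safeMint. The
    /// guard stops a recipient's onERC721Received from re-entering mintSafe.
    function mintSafe(address to) external nonReentrant returns (uint256 id) {
        id = ++nextId;     // effect
        filled[id] = true; // effect
        // interaction: reverts unless `to` is an EOA or a contract returning
        // ERC721TokenReceiver.onERC721Received.selector from the callback
        _safeMint(to, id);
    }

    function tokenURI(uint256) public pure override returns (string memory) {
        return "";
    }
}

/// A recipient that acknowledges receipt and can later move the token; a
/// contract without this hook makes _safeMint revert instead of losing the NFT.
contract Holder is ERC721TokenReceiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return ERC721TokenReceiver.onERC721Received.selector;
    }
}
```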