code-423n4 / 2022-10-zksync-findings

3 stars 0 forks source link

_safeMint should be used to work with smart contract address #285

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/zksync/contracts/bridge/L2StandardERC20.sol#L103

Vulnerability details

Fix

_safeMint() should be used if you are sending the minted token to a Contract that is capable to manage NFTs or not. This is to prevent tokens to be lost.

Recommended Mitigation Steps

Replace _mint with _safeMint.

Tools Used

Manual review

GalloDaSballo commented 1 year ago

Nope

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient quality