code-423n4 / 2023-06-lukso-findings


Calls _mint #80

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/blob/main/contracts/LSP8IdentifiableDigitalAsset/extensions/LSP8CompatibleERC721.sol#L266

Vulnerability details

Note:

I only reported two issues that were not reported by the winning bot

Calls _mint

Description

The _mint function is often used to create new tokens in a Solidity smart contract. However, if the function is not implemented correctly, it can introduce vulnerabilities such as integer overflow and underflow, reentrancy, and other types of attacks. To address these issues, the safeMint function was introduced as part of the OpenZeppelin library. The safeMint function includes additional checks to prevent potential attacks, making it a safer alternative to _mint.

There are 2 instances of this issue:

- File: contracts/LSP8IdentifiableDigitalAsset/extensions/LSP8CompatibleERC721.sol

  ```
  Line: 266 super._mint(to, tokenId, allowNonLSP1Recipient, data)
  ```

  Use safeMint instead.

  https://github.com/code-423n4/2023-06-lukso/blob/main/contracts/LSP8IdentifiableDigitalAsset/extensions/LSP8CompatibleERC721.sol#L266

- File: contracts/LSP8IdentifiableDigitalAsset/extensions/LSP8CompatibleERC721InitAbstract.sol

  ```
  Line: 266 super._mint(to, tokenId, allowNonLSP1Recipient, data)
  ```

  Use safeMint instead.

  https://github.com/code-423n4/2023-06-lukso/blob/main/contracts/LSP8IdentifiableDigitalAsset/extensions/LSP8CompatibleERC721InitAbstract.sol#L266

Assessed type

Token-Transfer

c4-pre-sort commented 1 year ago

minhquanym marked the issue as low quality report

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

minhquanym commented 1 year ago

OOS in the winning bot race report

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Out of scope