seongyun-ko
commented
11 months ago the caller should make sure this. we choose not to introduce another re-entrancy point into protocol
Open hats-bug-reporter[bot] opened 11 months ago
seongyun-ko
commented
11 months ago the caller should make sure this. we choose not to introduce another re-entrancy point into protocol
Github username: -- Submission hash (on-chain): 0x1e594f92fde0c1e75fa6282565f3fbe46d7ec1988b7a969ea38a8d9be1a913c3 Severity: medium
Description: Description\ Use safeMint instead of mint for ERC721
Attack Scenario\ The
_receiverwill be minted a NFT when mint() is called.However, if
_receiveris a contract address that does not support ERC721, the NFT can be frozen in the contract.As per the documentation of EIP-721:
A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.
Ref: https://eips.ethereum.org/EIPS/eip-721
As per the documentation of ERC721.sol by Openzeppelin
Ref: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol#L274-L285
Recommendation Use safeMint instead of mint to check received address support for ERC721 implementation.
here is similar kind of issue https://solodit.xyz/issues/m-1-tomo-m3-use-safemint-instead-of-mint-for-erc721-sherlock-3d-frankenpunks-frankendao-git