Open hats-bug-reporter[bot] opened 11 months ago
Github username: -- Submission hash (on-chain): 0x1e594f92fde0c1e75fa6282565f3fbe46d7ec1988b7a969ea38a8d9be1a913c3 Severity: medium
Description: Description\ Use safeMint instead of mint for ERC721
Attack Scenario\ The _receiver will be minted a NFT when mint() is called.
_receiver
However, if _receiver is a contract address that does not support ERC721, the NFT can be frozen in the contract.
As per the documentation of EIP-721:
A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.
Ref: https://eips.ethereum.org/EIPS/eip-721
As per the documentation of ERC721.sol by Openzeppelin
Ref: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol#L274-L285
Recommendation Use safeMint instead of mint to check received address support for ERC721 implementation.
here is similar kind of issue https://solodit.xyz/issues/m-1-tomo-m3-use-safemint-instead-of-mint-for-erc721-sherlock-3d-frankenpunks-frankendao-git
the caller should make sure this. we choose not to introduce another re-entrancy point into protocol
Github username: -- Submission hash (on-chain): 0x1e594f92fde0c1e75fa6282565f3fbe46d7ec1988b7a969ea38a8d9be1a913c3 Severity: medium
Description: Description\ Use safeMint instead of mint for ERC721
Attack Scenario\ The
_receiver
will be minted a NFT when mint() is called.However, if
_receiver
is a contract address that does not support ERC721, the NFT can be frozen in the contract.As per the documentation of EIP-721:
A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.
Ref: https://eips.ethereum.org/EIPS/eip-721
As per the documentation of ERC721.sol by Openzeppelin
Ref: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol#L274-L285
Recommendation Use safeMint instead of mint to check received address support for ERC721 implementation.
here is similar kind of issue https://solodit.xyz/issues/m-1-tomo-m3-use-safemint-instead-of-mint-for-erc721-sherlock-3d-frankenpunks-frankendao-git