search

sherlock-audit / 2023-04-footium-judging

13 stars 7 forks source link

tsueti_ - _safeMint() SHOULD BE USED RATHER THAN _mint() WHEREVER POSSIBLE #401

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

tsueti_

medium

_safeMint() SHOULD BE USED RATHER THAN _mint() WHEREVER POSSIBLE

Summary

_mint() is [discouraged] (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/d4d8d2ed9798cc3383912a23b5e8d5cb602f7d4b/contracts/token/ERC721/ERC721.sol#L271) in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. [Both OpenZeppelin] (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/d4d8d2ed9798cc3383912a23b5e8d5cb602f7d4b/contracts/token/ERC721/ERC721.sol#L238-L250) and [solmate] (https://github.com/Rari-Capital/solmate/blob/4eaf6b68202e36f67cab379768ac6be304c8ebde/src/tokens/ERC721.sol#L180) have versions of this function

Vulnerability Detail

function mint(address receiver, uint256 amount) public onlyOwner {
    _mint(receiver, amount);
}

Impact

Loss of funds due to use of _mint

Code Snippet

https://github.com/sherlock-audit/2023-04-footium/blob/main/footium-eth-shareable/contracts/FootiumToken.sol#LL23C1-L25C6

Tool used

Manual Review

Recommendation

Use _safeMint() where possible

Duplicate of #342