sherlock-audit / 2023-04-unitasprotocol-judging


tsueti_ - _safeMint() Should Be Used Rather Than _mint() Wherever Possible #116

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

tsueti_

medium

_safeMint() Should Be Used Rather Than _mint() Wherever Possible

Summary

_mint() is discouraged in favor of _safeMint(), which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function.

Vulnerability Detail

function mint(address account, uint256 amount) external onlyMinter whenNotPaused notBlacklisted(account) {
    require(amount != 0, "Invalid amount");
    _mint(account, amount);
    emit Mint(account, amount);
}

Impact

Loss of funds due to use of _mint()

Code Snippet

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/ERC20Token.sol#L173

Tool used

Manual Review

Recommendation

Use _safeMint() where possible
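
The receiver check that the summary describes, sketched as an added example; it is not code from the audited repository, OpenZeppelin or solmate. The contract and function names are hypothetical, only the IERC721Receiver interface comes from the ERC-721 standard, and the check operates on an ERC-721 `tokenId`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Interface defined by the ERC-721 standard.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Hypothetical, stripped-down token: ownership tracking only, no transfers,
// approvals or access control. Illustration only.
contract MintCheckDemo {
    mapping(uint256 => address) public ownerOf;

    // Plain mint: records ownership without asking the recipient anything.
    function _mint(address to, uint256 tokenId) internal {
        require(to != address(0), "mint to zero address");
        require(ownerOf[tokenId] == address(0), "already minted");
        ownerOf[tokenId] = to;
    }

    // Safe mint: same state change, followed by the receiver check.
    function _safeMint(address to, uint256 tokenId) internal {
        _mint(to, tokenId);
        require(_checkReceiver(to, tokenId), "recipient is not an ERC721 receiver");
    }

    function _checkReceiver(address to, uint256 tokenId) private returns (bool) {
        if (to.code.length == 0) return true; // no code at the address: treated as an EOA
        try IERC721Receiver(to).onERC721Received(msg.sender, address(0), tokenId, "") returns (bytes4 ret) {
            return ret == IERC721Receiver.onERC721Received.selector;
        } catch {
            return false; // the contract has no such function or it reverted
        }
    }

    function mintUnchecked(address to, uint256 tokenId) external { _mint(to, tokenId); }
    function mintChecked(address to, uint256 tokenId) external { _safeMint(to, tokenId); }
}

// Constructed recipients: mintChecked reverts for NoReceiver and succeeds for GoodReceiver.
contract NoReceiver {}

contract GoodReceiver is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

The callback hands control to the recipient contract, so a mint path that uses this check should finish its own state changes before the call or guard against reentrancy.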