_safeMint() SHOULD BE USED RATHER THAN _mint() WHEREVER POSSIBLE
Summary
_mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function
Vulnerability Detail
function absorb(address user) public {
uint256 balance = IERC20(underlying).balanceOf(address(this));
uint256 amount = balance - totalSupply();
_mint(user, amount);
}
tsueti_
medium
_safeMint() SHOULD BE USED RATHER THAN _mint() WHEREVER POSSIBLE
Summary
_mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function
Vulnerability Detail
Impact
Loss of funds due to use of _mint
Code Snippet
https://github.com/sherlock-audit/2023-05-ironbank/blob/main/ib-v2/src/protocol/token/PToken.sol#L67
Tool used
Manual Review
Recommendation
Use _safeMint() where possible