kaysoft - use _safeMint(...) instead of _mint(...)

[sherlock-admin]

kaysoft

medium

use _safeMint(...) instead of _mint(...)

Summary

The ERC721 _mint(...) function is used in the BoostNFT.sol#mint(...) function.

Vulnerability Detail

The ERC721 _mint(...) function is used in the BoostNFT.sol#mint(...) function. this function does not check if the receipient can receive NFT making the sent NFT stuck in the contract forever.

• https://github.com/sherlock-audit/2023-10-aloe/blob/main/aloe-ii/periphery/src/boost/BoostNFT.sol#L65

  function mint(IUniswapV3Pool pool, bytes memory initializationData, uint40 oracleSeed) public payable {
      uint256 id = uint256(keccak256(abi.encodePacked(msg.sender, balanceOf(msg.sender))));
  
      Borrower borrower = _nextBorrower(pool);
      attributesOf[id] = NFTAttributes(borrower, false);
      _mint(msg.sender, id);//@audit use safeMint
  
      initializationData = abi.encode(msg.sender, 0, initializationData);
      borrower.modify{value: msg.value}(boostManager, initializationData, oracleSeed);//@audit reentrancy.
  }

  Impact

  Loss of NFT when sent to a smart contract that cannot handle NFT

Code Snippet

• https://github.com/sherlock-audit/2023-10-aloe/blob/main/aloe-ii/periphery/src/boost/BoostNFT.sol#L65

Tool used

Manual Review

Recommendation

use _safeMint(...) instead of _mint(...)

[sherlock-admin2]

3 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, because BoostNFT.sol is out of scope

tsvetanovv commented:

Invalid. See Sherlock docs

MohammedRizwan commented:

invalid as boostNFT.sol is not in scope also invalid per sherlock rule