in the mint function if the to address is a contract address that does not support ERC721, the NFT can be frozen in the contract.
As per the documentation of EIP-721:
A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.
mgf15
medium
Use safeMint instead of mint for ERC721
Summary
Use safeMint instead of mint for ERC721
Vulnerability Detail
in the mint function if the
to
address is a contract address that does not support ERC721, the NFT can be frozen in the contract. As per the documentation of EIP-721:Ref: https://eips.ethereum.org/EIPS/eip-721
Impact
Users possibly lose their NFTs
Code Snippet
https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/PALMVaultNFT.sol#L18C5-L20C6
Tool used
Manual Review
Recommendation
Use safeMint instead of mint to check received address support for ERC721 implementation.