search

sherlock-audit / 2024-03-arrakis-judging

0 stars 0 forks source link

mgf15 - Use safeMint instead of mint for ERC721 #78

Closed sherlock-admin4 closed 1 month ago

sherlock-admin4 commented 1 month ago

mgf15

medium

Use safeMint instead of mint for ERC721

Summary

Use safeMint instead of mint for ERC721

Vulnerability Detail

function mint(address to_, uint256 tokenId_) external onlyOwner {
        _mint(to_, tokenId_);
    }

in the mint function if the to address is a contract address that does not support ERC721, the NFT can be frozen in the contract. As per the documentation of EIP-721:

A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.

Ref: https://eips.ethereum.org/EIPS/eip-721

Impact

Users possibly lose their NFTs

Code Snippet

https://github.com/sherlock-audit/2024-03-arrakis/blob/main/arrakis-modular/src/PALMVaultNFT.sol#L18C5-L20C6

function mint(address to_, uint256 tokenId_) external onlyOwner {
        _mint(to_, tokenId_);
    }

Tool used

Manual Review

Recommendation

Use safeMint instead of mint to check received address support for ERC721 implementation.