Skip to content

Latest commit

 

History

History
47 lines (24 loc) · 1.11 KB

044.md

File metadata and controls

47 lines (24 loc) · 1.11 KB

Handsome Pineapple Mustang

Medium

Use ERC721::_safeMint() instead of _mint()

Summary

function mint(address to) public onlyContract returns (uint256) { id++; _mint(to, id); return id; }

Root Cause

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/DebitaLoanOwnerships.sol#L34

Using ERC721::_mint() can mint ERC721 tokens to addresses which don't support ERC721 tokens, while ERC721::_safeMint() ensures that ERC721 tokens are only minted to addresses which support them. OpenZeppelin [discourages](https://github.com/dexe-network/DeXe-Protocol/tree/f2fe12eeac0c4c63ac39670912640dc91d94bda5/contracts/token/ERC721/ERC721.sol#L275) the use of _mint().

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

Use _safeMint() instead of _mint() for ERC721.