`_safeMint()` should be used rather than `_mint()` wherever possible
code423n4 opened this issue · 0 comments
code423n4 commented
Lines of code
Vulnerability details
_mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, _mint() does not call ERC721TokenReceiver.onERC721Received() on the recipient.
File: contracts/YieldBox.sol
139: _mint(to, assetId, share);
178: _mint(to, assetId, 1);
204: _mint(to, assetId, share);
Assessed type
other