`_safeMint()` should be used rather than `_mint()` wherever possible

Question

`_safeMint()` should be used rather than `_mint()` wherever possible

Opened this issue 9 months ago · 7 comments

Lines of code

Vulnerability details

_mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, _mint() does not call ERC721TokenReceiver.onERC721Received() on the recipient.

File: contracts/YieldBox.sol

139:         _mint(to, assetId, share);

178:         _mint(to, assetId, 1);

204:         _mint(to, assetId, share);

Assessed type

other

Answer 1 · 2024-04-01T21:02:18.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

Answer 2 · 2024-04-01T21:02:19.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

Answer 3 · 2024-04-01T21:02:19.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

Answer 4 · 2024-04-01T21:02:21.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

Answer 5 · 2024-04-05T18:59:52.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.

Answer 6 · 2024-04-05T18:59:54.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.

Answer 7 · 2024-04-05T18:59:55.000Z

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.