`_safeMint()` should be used rather than `_mint()` wherever possible
Opened this issue · 7 comments
Lines of code
Vulnerability details
_mint()
is discouraged in favor of _safeMint()
which ensures that the recipient is either an EOA or implements IERC721Receiver
. Both OpenZeppelin and solmate have versions of this function. In the cases below, _mint()
does not call ERC721TokenReceiver.onERC721Received()
on the recipient.
File: contracts/YieldBox.sol
139: _mint(to, assetId, share);
178: _mint(to, assetId, 1);
204: _mint(to, assetId, share);
Assessed type
other
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.
@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.