Code4rena · CODE423N4:2023-07-BASIN-FINDINGS-ISSUES-235
Jul 10, 2023 - 12:00 a.m.

Wherever possible, _safeMint() should be used rather than _mint()


[Lines of code](https://github.com/code-423n4/2023-07-basin/blob/main/mocks/tokens/MockToken.sol#L22), <https://github.com/code-423n4/2023-07-basin/blob/main/mocks/tokens/MockTokenFeeOnTransfer.sol#L27>, <https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L441>

Vulnerability details

Impact

_mint() is not recommended in favour of _safeMint(), which guarantees that the recipient is either an EOA.

Proof of Concept

<https://github.com/code-423n4/2023-07-basin/blob/main/mocks/tokens/MockTokenFeeOnTransfer.sol#L27>, <https://github.com/code-423n4/2023-07-basin/blob/main/src/Well.sol#L441>

Tools Used

VS Code

Use _safeMint() instead of _mint().

Assessed type

Upgradable

