10 matches found
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...
Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called
Lines of code Vulnerability details Impact An attacker can : Exceed the per address allowance in Fixed Price Sale, Exponential Descending Sale and Linear Descending Sale modes. Cause a loss for another user in Burn-to-Mint mode by accepting an offer when onERC721Received is triggered. Proof of...
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...
Wherever possible, _safeMint() should be used rather than _mint()
Lines of code Vulnerability details Impact mint is not recommended in favour of safeMint, which guarantees that the recipient is either an EOA. Proof of Concept, , Tools Used Vscode use safeMint instead of mint. Assessed type Upgradable --- The text was updated successfully, but these errors were...
Use of _mint in ReraiseETHCrowdfund#_contribute is incompatible with PartyGovernanceNFT#mint
Lines of code Vulnerability details Impact Misconfigured receiver could accidentally DOS party Proof of Concept ReraiseETHCrowdfund.solL238 if previousVotingPower == 0 mintcontributor; - @audit-issue standard minting here ReraiseETHCrowdfund.solL374 uint256 tokenId = party.mintcontributor,...
[NAZ-H1] Reentrancy From Use of _safeMint()
Lines of code Vulnerability details Impact The mint function is used to mint a new position NFT and is only callable by minter. This function uses safeMint to mint these position NFTs which has been known in the past to have Reentrancy issues. Proof of Concept The dangers of surprising code by...
_safeMint should be used to work with smart contract address
Lines of code Vulnerability details Fix safeMint should be used if you are sending the minted token to a Contract that is capable to manage NFTs or not. This is to prevent tokens to be lost. Recommended Mitigation Steps Replace mint with safeMint. Tools Used Manual review --- The text was updated...
Both _mint and _safeMint are used to mint NFTs
Handle palina Vulnerability details Impact Both mint and safeMint functions are used to mint ERC721 NFTs in Claimers and Depositors, respectively. The usage of the mint is, however, discouraged by the used ERC721 implementation see PoC section, in favor of its safe counterpart. Proof of Concept...
_generateNewTokenId can create collisions
Handle sirhashalot Vulnerability details Impact The ERC721 standard requires that "for any ERC-721 Contract, the pair contract address, uint256 tokenId must be globally unique" quoted from . However, the generateNewTokenId function can produce tokenId values that are not globally unique. This wou...
Missing burn function in _unlock function
Handle Tomio Vulnerability details Impact In the XDEFIDistribution.sol, a user can lock xdefi token and get an erc721/nft token through safeMint function, however when the user call unlock function this contract will delete the position of this user, but didnt call the burn function in ERC721...