Use _safeMint()
instead of _mint()
#312
Labels
bug
Something isn't working
old-submission-method
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L439
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L480
Vulnerability details
Impact
OpenZeppelin recommends the usage of
_safeMint()
instead of_mint()
. If the recipient is a contract, safeMint() checks whether they can handle ERC721 tokens.Proof of Concept
If the user provides an address that can't handle ERC721 tokens when calling
contribute()
to CrowdFund the minted token might be lost. That would also result in the user not being able to do any governance action (vote, delegate) on Partycontribute()
callable by a user:https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L191
Resulting in the following
_mint()
call:https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L439
And when CrowdFund token is burnt, it called
_mint()
on PartyGovernancehttps://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/Crowdfund.sol#L480
Tools Used
Manual Anaylsis
Recommended Mitigation Steps
Use
_safeMint()
whenever possibleThe text was updated successfully, but these errors were encountered: