b0g0_ctf - user (smart contract) can deposit ether and not get the NFT due to _mint function #36

Open
IkiliagwuC opened this issue Aug 12, 2024 · 1 comment

@IkiliagwuC

Impact: smart contracts interacting as users may not receive NFT

Description

In the `deposit` function, `_mint` is used instead of `_safeMint`:

```solidity
    require(msg.value == depositRequired, "Incorrect ETH amount");

    _tokenIds.increment();
    uint256 newTokenId = _tokenIds.current();

    deposits[msg.sender] += msg.value;

    _mint(msg.sender, newTokenId);
}
```

The user can be a smart contract address which correctly implements the `onERC721Received` method, but it will not be called and tokens may be subsequently trapped.

Solution: use `_safeMint` instead of `_mint`.

@BogoCvetkov
Collaborator

BogoCvetkov commented Aug 17, 2024

Use of `_mint` is intentional. The README for this contest states:

> Assume depositors are the ones responsible for taking care that they can handle NFT's.

@BogoCvetkov added the `invalid` and `Informational` labels and removed the `invalid` label on Aug 17, 2024
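The difference the thread turns on, as an added example that is not the contest's code and not part of either comment: a simplified re-implementation of the receiver check that `_safeMint` adds on top of `_mint`, with one contract depositor that lacks the hook and one that implements it. `MintDemo`, `BlindDepositor`, `AwareDepositor` and their functions are hypothetical names, and the check is written out by hand rather than copied from any library.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT the contest contract. All contract and function names are hypothetical.
interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

contract MintDemo {
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    // Mirrors plain _mint: ownership is recorded, the recipient is never called.
    function mintPlain() external returns (uint256 id) {
        id = ++nextId;
        ownerOf[id] = msg.sender;
    }

    // Mirrors the extra step _safeMint performs when the recipient is a contract.
    function mintChecked() external returns (uint256 id) {
        id = ++nextId;
        ownerOf[id] = msg.sender; // state is final before the external call below
        if (msg.sender.code.length > 0) {
            try IERC721Receiver(msg.sender).onERC721Received(msg.sender, address(0), id, "") returns (bytes4 r) {
                require(r == IERC721Receiver.onERC721Received.selector, "receiver rejected token");
            } catch {
                revert("recipient is not an ERC721 receiver");
            }
        }
    }
}

// Contract depositor with no receiver hook and no function to move a token out.
contract BlindDepositor {
    function viaPlain(MintDemo t) external returns (uint256) { return t.mintPlain(); }     // succeeds; token is stuck here
    function viaChecked(MintDemo t) external returns (uint256) { return t.mintChecked(); } // reverts; nothing is minted
}

// Contract depositor that opts in by returning the expected selector.
contract AwareDepositor is IERC721Receiver {
    function viaChecked(MintDemo t) external returns (uint256) { return t.mintChecked(); } // succeeds
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```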