Skip to content

Latest commit

 

History

History
14 lines (9 loc) · 1.33 KB

16.md

File metadata and controls

14 lines (9 loc) · 1.33 KB

Unsafe ERC721 Operations

Description:

Transferfrom function OpenZeppelin’s documentation discourages the use of transferFrom(), use safeTransferFrom() whenever possible. Usage of safeTransferFrom prevents loss, though the caller must understand this adds an external call which potentially creates a reentrancy vulnerability.

mint function _mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both open OpenZeppelin and solmate have versions of this function so that NFTs aren’t lost if they’re minted to contracts that cannot transfer them back out.

References:

https://docs.openzeppelin.com/contracts/4.x/api/token/erc721#IERC721-transferFrom-address-address-uint256- code-423n4/2022-05-cally-findings#38