Platform: Code4rena
Start Date: 09/11/2021
Pot Size: $75,000 USDC
Total HM: 57
Participants: 27
Period: 7 days
Judge: alcueca
Total Solo HM: 49
Id: 52
League: ETH
Rank: 23/27
Findings: 1
Award: $72.86
🌟 Selected for report: 1
🚀 Solo Findings: 0
72.8584 USDC - $72.86
Ruhum
OpenZeppelin recommends the usage of _safeMint() instead of _mint(). If the recipient is a contract, safeMint() checks whether they can handle ERC721 tokens.
If the user provides an address that can't handle ERC721 tokens when calling addLiquidity(), the minted token might be lost. That would also result in the user not being able to redeem the token anymore.
addLiquidity() callable by a user:
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex-v2/router/VaderRouterV2.sol#L77
resulting in the following _mint() call:
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex-v2/pool/BasePoolV2.sol#L209
Manual Analysis
Use _safeMint() whenever possible
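The difference between the two mint calls discussed in the finding, as an added example that is not part of the original report or the Vader code base. PositionNFT, Holder and Unaware are hypothetical contracts; the only real APIs used are OpenZeppelin's ERC721 and IERC721Receiver.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical position NFT standing in for a pool's liquidity token.
// Access control is omitted to keep the example focused on the mint call.
contract PositionNFT is ERC721 {
    uint256 public nextId;

    constructor() ERC721("Position", "POS") {}

    // Pattern from the finding: no receiver check. If `to` is a contract
    // with no way to move ERC721 tokens, the position is stuck there.
    function mintUnchecked(address to) external returns (uint256 id) {
        id = nextId++;
        _mint(to, id);
    }

    // Recommended pattern: reverts unless `to` has no code or is a contract
    // that returns IERC721Receiver.onERC721Received.selector.
    // _safeMint calls into `to`, so state is updated before the call.
    function mintChecked(address to) external returns (uint256 id) {
        id = nextId++;
        _safeMint(to, id);
    }
}

// Contract recipient that declares ERC721 support: mintChecked succeeds.
contract Holder is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}

// Contract recipient with no ERC721 support: mintChecked(address(unaware))
// reverts, while mintUnchecked(address(unaware)) succeeds and leaves the
// token in a contract that has no function to transfer or approve it.
contract Unaware {}
```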
#0 - SamSteinGG
2021-11-25T11:32:54Z
This is an explicit and intended design choice to allow multisignature wallets to work with the protocol.
#1 - alcueca
2021-12-11T05:03:47Z
It might be intended, but not explicit since it is not documented. The issue is valid.