yy
medium
NFT can be locked when calling registerLoan() function to mint it to a contract that does not support ERC721 protocol
If minting ERC721 tokens to contract addresses that do not support the ERC721 protocol, which can lead to locked and irretrievable tokens.
When calling the registerLoan() function, the ERC721Upgradeable's _mint() will be called for minting an NFT .
The registerLoan() from LenderManager - registerLoan().
The OpenZeppelin's ERC721Upgradeable contract's _mint function is used to mint the NFT to a receiver. If such receiver is a contract that does not support the ERC721 protocol, the NFT will be locked and cannot be retrieved.
Based on OpenZeppelin's documentation for _mint also suggested "Usage of this method is discouraged, use _safeMint whenever possible".
POC The following steps can occur when minting an NFT:
- When the
registerLoan()called - The OpenZeppelin's ERC721Upgradeable contract's _mint function is called with the sender or to used in Step 1 as the receiver address.
- Since calling the OpenZeppelin's ERC721Upgradeable contract's _mint function does not execute the same contract's _checkOnERC721Received function, it is unknown if the receiving contract inherits from the IERC721ReceiverUpgradeable interface and implements the onERC721Received function or not. It is possible that the receiving contract does not support the ERC721 protocol, which causes the minted NFT to be locked.
If minting ERC721 tokens to contract addresses that do not support the ERC721 protocol, which can lead to locked and irretrievable tokens.
https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/LenderManager.sol#L14-L18 https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/LenderManager.sol#L45
Manual Review
Use _safeMint() to replace _mint()
_safeMint(_newLender, _bidId);