Use safeTransferFrom instead of transferFrom for ERC721 transfers

[code423n4]

Lines of code

https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L748
https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/utils/GobblerReserve.sol#L38

Vulnerability details

Proof of Concept

It is good to add a require() statement that checks the return value of token transfers or to use something like solmate safeTransferFrom(), unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of transfers and affect token accounting in contract.

The same case in : code-423n4/2022-05-cally-findings#38

Tools Used

Manual Review

Recommended Mitigation Steps

It is usually good to add a require-statement that checks the return value or to use something like safeTransferFrom; unless one is sure the given token reverts in case of a failure and Call the safeTransferFrom() method instead of transferFrom() for NFT transfers.Note that the ArtGobblers.sol contract should inherit the ERC721Receiver contract as a consequence but i didn't found any of them on solmate .

[Shungy]

This is similar to cally one but I don't think they are the same. Cally one can result in stealing valuable NFTs. (nonetheless I think cally one was also judged too high severity).
Here, gobbling just increases a counter that has no effect in other function logic. If a non-standard NFT contract causes the counter to increase without actually transferring, then it is likely that NFT address is not worthy of whitelisting in the UI to show in the belly gallery.

[GalloDaSballo]

Dup of #322

[GalloDaSballo]

L