add max supply check on mintSeaDrop for extra security

src/ERC721PartnerSeaDrop.sol

@@ -65,6 +65,14 @@ contract ERC721PartnerSeaDrop is ERC721SeaDrop, TwoStepAdministered {
         override
         onlyAllowedSeaDrop(msg.sender)
     {
+        // Extra safety check to ensure the max supply is not exceeded.
+        if (_totalMinted() + quantity > maxSupply()) {
+            revert MintQuantityExceedsMaxSupply(
+                _totalMinted() + quantity,
+                maxSupply()
+            );
+        }
+
         // Mint the quantity of tokens to the minter.
         _mint(minter, quantity);
     }

src/ERC721SeaDrop.sol

@@ -40,6 +40,9 @@ contract ERC721SeaDrop is
     INonFungibleSeaDropToken,
     ReentrancyGuard
 {
+    /// @notice Revert with an error if mint exceeds the max supply.
+    error MintQuantityExceedsMaxSupply(uint256 total, uint256 maxSupply);
+
     /// @notice Track the allowed SeaDrop addresses.
     mapping(address => bool) internal _allowedSeaDrop;
 
@@ -156,10 +159,9 @@ contract ERC721SeaDrop is
      *         transferring minted tokens, as SeaDrop references these values
      *         to enforce token limits on a per-wallet and per-stage basis.
      *
-     *         ERC721A tracks these values automatically, and this contract
-     *         does not use _safeMint(), but this note and nonReentrant
-     *         modifier are left here to encourage best-practices when
-     *         referencing this contract.
+     *         ERC721A tracks these values automatically, but this note and
+     *         nonReentrant modifier are left here to encourage best-practices
+     *         when referencing this contract.
      *
      * @param minter   The address to mint to.
      * @param quantity The number of tokens to mint.
@@ -172,8 +174,16 @@ contract ERC721SeaDrop is
         onlyAllowedSeaDrop(msg.sender)
         nonReentrant
     {
+        // Extra safety check to ensure the max supply is not exceeded.
+        if (_totalMinted() + quantity > maxSupply()) {
+            revert MintQuantityExceedsMaxSupply(
+                _totalMinted() + quantity,
+                maxSupply()
+            );
+        }
+
         // Mint the quantity of tokens to the minter.
-        _mint(minter, quantity);
+        _safeMint(minter, quantity);
     }
 
     /**

test/ERC721PartnerSeaDrop.spec.ts

@@ -353,6 +353,8 @@ describe(`ERC721PartnerSeaDrop (v${VERSION})`, function () {
   });
 
   it("Should only let allowed seadrop call seaDropMint", async () => {
+    await token.setMaxSupply(1);
+
     await whileImpersonating(
       seadrop.address,
       provider,
@@ -362,6 +364,10 @@ describe(`ERC721PartnerSeaDrop (v${VERSION})`, function () {
         )
           .to.emit(token, "Transfer")
           .withArgs(ethers.constants.AddressZero, minter.address, 1);
+
+        await expect(
+          token.connect(impersonatedSigner).mintSeaDrop(minter.address, 1)
+        ).to.be.revertedWith("MintQuantityExceedsMaxSupply(2, 1)");
       }
     );
 

test/ERC721SeaDrop.spec.ts

@@ -217,6 +217,8 @@ describe(`ERC721SeaDrop (v${VERSION})`, function () {
   });
 
   it("Should only let allowed seadrop call seaDropMint", async () => {
+    await token.setMaxSupply(1);
+
     await whileImpersonating(
       seadrop.address,
       provider,
@@ -226,6 +228,10 @@ describe(`ERC721SeaDrop (v${VERSION})`, function () {
         )
           .to.emit(token, "Transfer")
           .withArgs(ethers.constants.AddressZero, minter.address, 1);
+
+        await expect(
+          token.connect(impersonatedSigner).mintSeaDrop(minter.address, 1)
+        ).to.be.revertedWith("MintQuantityExceedsMaxSupply(2, 1)");
       }
     );