Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/11/03 12:0 a.m.13 views

Upgraded Q -> 2 from #246 [1699029732469]

Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-03 The tokenURI is not compatible with the ERC721 standard Description function tokenURIuint256 safeId public view override returns string memory uri uri = nftRenderer.rendersafeId; tokenURI will call nftRenderer...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/02 12:0 a.m.11 views

Upgraded Q -> 2 from #240 [1683052133668]

Judge has assessed an item in Issue 240 as 2 risk. The relevant finding follows: LOW‑11 tokenURI does not follow EIP-721 The EIP states that tokenURI "Throws if tokenId is not a valid NFT", which the code below does not do. If the NFT has not yet been minted, tokenURI should revert Proof Of Conce...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.13 views

Mint Bio NFT with mismatched SVG

Lines of code Vulnerability details Impact The tokenURI function of a given NFT contract must represent truth about the given tokenid. The Bio contract allows for minting of NFTs using a bio string. The tokenURI of a minted Bio NFT in turn generates a JSON response. This JSON payload includes the...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.16 views

Bio Protocol - tokenURI JSON injection

Lines of code Vulnerability details Impact The Bio Protocol allows users to mint Bio NFTs that represent user's bio. Once NFT is minted anyone can trigger tokenURI to retrieve JSON data with the bio and generated svg image. Example JSON content decoded from Base64: "name": "Bio 1", "description":...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/03/19 12:0 a.m.9 views

Namespace tokenName has only emojis.

Lines of code Vulnerability details Impact The tokenName and image of Namespace should always be the same. The image is correct but the tokenName only consists of emojis. Duplicate names are checked on the tokenName and not on the image. Because of this a tile of font class 1 with character index...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.8 views

CidNFT: Broken tokenURI function

Lines of code Vulnerability details CidNFTtokenURI does not convert the uint256 id argument to a string before interpolating it in the token URI: /// @notice Get the token URI for the provided ID /// @param id ID to retrieve the URI for /// @return tokenURI The URI of the queried token path to a...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/26 12:0 a.m.10 views

When minting legendary NFT, non-legendary NFTs are burned, but burned token approval is not revoked, burned NFT TokenURI still accessible after burning.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When minting legendary NFT, non-legendary NFTs are burned, only the owner of the burned nft is set to 0, emit Transfermsg.sender, getGobblerDataid.owner = address0, id; but burned token approval is not...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/02/25 12:0 a.m.9 views

NFT owner can change tokenURI

Lines of code Vulnerability details Impact In the ERC721OnChain implementation the token owner can set the token's URI using setTokenURI. Usually, this is token URI points to data defining the NFT attributes, images, etc.. It's usually set by the contract owner. A user that owns an NFT can just...

6.9AI score
Exploits0
Rows per page
Query Builder