8 matches found
Upgraded Q -> 2 from #246 [1699029732469]
Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-03 The tokenURI is not compatible with the ERC721 standard Description function tokenURIuint256 safeId public view override returns string memory uri uri = nftRenderer.rendersafeId; tokenURI will call nftRenderer...
Upgraded Q -> 2 from #240 [1683052133668]
Judge has assessed an item in Issue 240 as 2 risk. The relevant finding follows: LOW‑11 tokenURI does not follow EIP-721 The EIP states that tokenURI "Throws if tokenId is not a valid NFT", which the code below does not do. If the NFT has not yet been minted, tokenURI should revert Proof Of Conce...
Mint Bio NFT with mismatched SVG
Lines of code Vulnerability details Impact The tokenURI function of a given NFT contract must represent truth about the given tokenid. The Bio contract allows for minting of NFTs using a bio string. The tokenURI of a minted Bio NFT in turn generates a JSON response. This JSON payload includes the...
Bio Protocol - tokenURI JSON injection
Lines of code Vulnerability details Impact The Bio Protocol allows users to mint Bio NFTs that represent user's bio. Once NFT is minted anyone can trigger tokenURI to retrieve JSON data with the bio and generated svg image. Example JSON content decoded from Base64: "name": "Bio 1", "description":...
Namespace tokenName has only emojis.
Lines of code Vulnerability details Impact The tokenName and image of Namespace should always be the same. The image is correct but the tokenName only consists of emojis. Duplicate names are checked on the tokenName and not on the image. Because of this a tile of font class 1 with character index...
CidNFT: Broken tokenURI function
Lines of code Vulnerability details CidNFTtokenURI does not convert the uint256 id argument to a string before interpolating it in the token URI: /// @notice Get the token URI for the provided ID /// @param id ID to retrieve the URI for /// @return tokenURI The URI of the queried token path to a...
When minting legendary NFT, non-legendary NFTs are burned, but burned token approval is not revoked, burned NFT TokenURI still accessible after burning.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When minting legendary NFT, non-legendary NFTs are burned, only the owner of the burned nft is set to 0, emit Transfermsg.sender, getGobblerDataid.owner = address0, id; but burned token approval is not...
NFT owner can change tokenURI
Lines of code Vulnerability details Impact In the ERC721OnChain implementation the token owner can set the token's URI using setTokenURI. Usually, this is token URI points to data defining the NFT attributes, images, etc.. It's usually set by the contract owner. A user that owns an NFT can just...