Submission Details
Severity:
Non-compliance with EIP-721 in `tokenURI()` Implementation
Summary
According to EIP-721, the tokenURI() function should revert if the token ID passed is not a valid NFT.
Vulnerability Details
If the NFT has not been minted, tokenURI() should revert as per the EIP-721 standard.
File: contracts/SmartVaultManagerV5.sol
93: function tokenURI(uint256 _tokenId) public view virtual override returns (string memory) {
ISmartVault.Status memory vaultStatus = ISmartVault(smartVaultIndex.getVaultAddress(_tokenId)).status();
return INFTMetadataGenerator(nftMetadataGenerator).generateNFTMetadata(_tokenId, vaultStatus);
}
Tools Used
VSCode
Recommendations
add a check to tokenURI function and revert if NFT doesn't exist
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.