Submission Details
Severity:
The implementation of tokenURI does not comply with the standard.
Summary
The implementation of SmartVaultManagerV5.tokenURI() does not include a check for the existence of the token ID, which deviates from the standard.
Vulnerability Details
In the standard implementation of ERC721.tokenURI(), there is a check for the existence of the tokenId.
function tokenURI(uint256 tokenId) public view virtual returns (string memory) {
_requireOwned(tokenId);
string memory baseURI = _baseURI();
return bytes(baseURI).length > 0 ? string.concat(baseURI, tokenId.toString()) : "";
}
However, in SmartVaultManagerV5.tokenURI(), such a check is absent, deviating from the standard implementation.
function tokenURI(uint256 _tokenId) public view virtual override returns (string memory) {
ISmartVault.Status memory vaultStatus = ISmartVault(smartVaultIndex.getVaultAddress(_tokenId)).status();
return INFTMetadataGenerator(nftMetadataGenerator).generateNFTMetadata(_tokenId, vaultStatus);
}
Impact
It does not conform to the standard implementation.
Tools Used
Recommendations
It is recommended to check whether the token ID exists.
Updates
Lead Judging Commences
hrishibhat almost 2 years ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933
USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.