The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

SmartVaultManagerV5 does not follow EIP-721 correctly

0xasen

Summary

SmartVaultManagerV5 is an ERC721 token, however, it does not follow EIP-721 correctly.

Vulnerability Details

The EIP states that tokenURI() "Throws if _tokenId is not a valid NFT", which the code below does not do. If the NFT has not yet been minted, tokenURI() should revert:

function tokenURI(uint256 _tokenId) public view virtual override returns (string memory) {
ISmartVault.Status memory vaultStatus = ISmartVault(smartVaultIndex.getVaultAddress(_tokenId)).status();
return INFTMetadataGenerator(nftMetadataGenerator).generateNFTMetadata(_tokenId, vaultStatus);
}

Similar issues accepted as Medium in other contests: 1, 2

Impact

SmartVaultManagerV5 contract that is supposed to comply with the standard does not follow the specification.
If other protocols integrate with this contract, they'll expect the standard EIP-721 behavior. However, the current implementation does not conform fully to the standard.

Tools Used

Manual review

Recommendations

Revert tokenURI() if _tokenId is not a valid NFT.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

0xasen Submitter
almost 2 years ago
hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

eip-compliance

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!