The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

tokenURI(uint256) function on SmartVaultManager does not comply ERC721 - Metadata specification

matejdb

Summary

According to the standard, the tokenURI method must be reverted if a non-existent tokenId is passed. In Smart Vault Manager contract that is not the case but it relies on external contracts. This is a violation of the erc721 spec.

Vulnerability Details

tokenUri(uint256) method should implement a check to see if the passed nft id exists. Not checking this on the smart vault manager contract but rather relying on external contracts can lead to unexpected behavior.

Impact

In the worst case scenario, due to some mishap or bug, a non existing nft would have metadata generated as if it existed.

Tools Used

Manual review

Recommendations

Add a nft id exists checker to the contract method.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

informational/invalid

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

eip-compliance

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.