Description:
The smart contract assigns a token URI to each minted token, which is intended to point to a JSON file containing metadata for the token. However, for tokens of legendary snek rarity, the token URI is incorrectly set to point to the image file of the rare snek instead of a JSON file.
Impact:
This leads to the wrong NFT being minted for the legendary snek.
Proof of Concept:
Upon opening the RARE_SNEK_URI IPFS link, a JSON file is retrieved that contains metadata for a rare snek token, including its name, description, image, and attributes. The JSON file is as follows:
However, the LEGEND_SNEK_URI IPFS link points to the same IPFS link as the "image" field of the RARE_SNEK_URI JSON, indicating that the wrong content is being used for legendary snek tokens. This discrepancy is evident in the following code snippet:
Recommended Mitigation:
To resolve this issue, the contract should ensure that each type of snek token has a unique IPFS URI that points to its specific metadata and image. This can be done by updating the LEGEND_SNEK_URI constant to point to the correct JSON file for legendary snek tokens.
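A pre-deployment check for this class of mistake, as an added example that is not part of the original submission or the contract: it classifies the content behind each URI constant as metadata JSON or a raw image, and flags a constant that equals another token's "image" link. The CIDs and sample content are constructed placeholders, and `fetch` is a hypothetical callable standing in for an IPFS gateway request.

```python
import json

REQUIRED_KEYS = {"name", "description", "image", "attributes"}  # fields the finding lists
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"GIF8": "gif"}

def classify(content: bytes) -> str:
    """Classify fetched bytes as 'metadata', 'image:<fmt>' or 'invalid:<reason>'."""
    for magic, fmt in IMAGE_MAGIC.items():
        if content.startswith(magic):
            return f"image:{fmt}"
    try:
        doc = json.loads(content.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return "invalid:not-json"
    if not isinstance(doc, dict):
        return "invalid:not-object"
    missing = REQUIRED_KEYS - doc.keys()
    return "invalid:missing-" + ",".join(sorted(missing)) if missing else "metadata"

def audit_uris(uris: dict, fetch) -> list:
    """Return one problem string per URI constant that is not valid metadata,
    plus one for any constant equal to another token's 'image' link."""
    problems, image_owner = [], {}
    for name, uri in uris.items():
        content = fetch(uri)
        kind = classify(content)
        if kind == "metadata":
            image_owner[str(json.loads(content)["image"])] = name
        else:
            problems.append(f"{name}: {kind}")
    for name, uri in uris.items():
        if uri in image_owner:  # exact string match; normalise gateway URLs first
            problems.append(f"{name}: reuses image of {image_owner[uri]}")
    return problems

# Constructed sample content with placeholder CIDs (not the contract's real values).
SAMPLE = {
    "ipfs://CID_RARE_JSON": json.dumps({
        "name": "Rare Snek", "description": "constructed sample",
        "image": "ipfs://CID_RARE_IMG", "attributes": [],
    }).encode(),
    "ipfs://CID_RARE_IMG": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
}
URIS = {"RARE_SNEK_URI": "ipfs://CID_RARE_JSON", "LEGEND_SNEK_URI": "ipfs://CID_RARE_IMG"}

if __name__ == "__main__":
    for problem in audit_uris(URIS, SAMPLE.__getitem__):
        print(problem)
```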