The LEGEND_SNEK_URI stores the image URI of the rare snek instead of the JSON metadata URI of the legend snek.
The tokenURI function is expected to return the JSON URI for an NFT, with the metadata contents inside it, but LEGEND_SNEK_URI stores the image URI of the rare snek, so tokenURI returns an incorrect value.
The vulnerability occurs because LEGEND_SNEK_URI stores an incorrect URI that is not the actual tokenURI of the legend cosmic snek.
LEGEND_SNEK_URI is mapped to LEGEND in the mapping rarityToTokenURI, so the mapping also stores the wrong URI for the legend snek rarity.
In addition, the function tokenURI is expected to return the token URI of a user's NFT associated with the token id, but because the mapping rarityToTokenURI stores an incorrect tokenURI for the legend rarity snek, tokenURI returns an incorrect value.
tokenURI returns an incorrect value.
Users who won a legend cosmic snek will get the image of the rare snek, as tokenURI will return the image of the rare snek instead of the JSON metadata URI of the legend snek.
Manual Review
First upload the legend snek image to IPFS to get its image IPFS hash, then create the JSON metadata in the same way as it was created for the other sneks, and then upload the JSON metadata to IPFS to get its IPFS hash.
The IPFS hash of the JSON metadata will be the actual LEGEND_SNEK_URI.
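A pre-deployment check for the URIs discussed above, as an added example that is not part of the original finding or the project's code: it fetches each rarity's token URI and flags any that is not JSON metadata or that is itself the image of another token. The `fetch` callable, the placeholder CIDs and the sample contents are constructed assumptions; only the RARE and LEGEND rarities come from the finding.

```python
import json

def check_token_uris(rarity_to_uri, fetch):
    """Return {rarity: [problems]} for URIs that are not usable token metadata."""
    problems = {rarity: [] for rarity in rarity_to_uri}
    images = {}  # image URI -> rarity whose metadata references it
    for rarity, uri in rarity_to_uri.items():
        try:
            meta = json.loads(fetch(uri).decode("utf-8"))
        except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
            problems[rarity].append("content is not JSON (image or other binary?)")
            continue
        if not isinstance(meta, dict) or not isinstance(meta.get("image"), str):
            problems[rarity].append("JSON has no 'image' string field")
            continue
        owner = images.setdefault(meta["image"], rarity)
        if owner != rarity:
            problems[rarity].append(f"image already used by {owner}")
    # A token URI that some metadata file lists as its image is an image URI.
    for rarity, uri in rarity_to_uri.items():
        if uri in images:
            problems[rarity].append(f"URI is the image of {images[uri]}")
    return {r: p for r, p in problems.items() if p}

# Constructed sample store standing in for IPFS; the CIDs are placeholders.
STORE = {
    "ipfs://<RARE_JSON_CID>":
        b'{"name": "Rare Snek", "image": "ipfs://<RARE_IMG_CID>"}',
    "ipfs://<LEGEND_JSON_CID>":
        b'{"name": "Legend Snek", "image": "ipfs://<LEGEND_IMG_CID>"}',
    "ipfs://<RARE_IMG_CID>": b"\x89PNG\r\n\x1a\n",  # PNG signature only
}

# The state the finding describes: LEGEND points at the rare snek image.
BUGGY = {"RARE": "ipfs://<RARE_JSON_CID>", "LEGEND": "ipfs://<RARE_IMG_CID>"}
# The state after the recommendation: LEGEND points at its own JSON metadata.
FIXED = dict(BUGGY, LEGEND="ipfs://<LEGEND_JSON_CID>")

if __name__ == "__main__":
    print(check_token_uris(BUGGY, STORE.__getitem__))
    print(check_token_uris(FIXED, STORE.__getitem__))
```

In a real run, `fetch` would read from an IPFS gateway or local node, and `rarity_to_uri` would hold the constants about to be deployed.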