Summary

The LEGEND_SNEK_URI stores the image URI of rare snek instead of the json metadata URI of legend snek.

The tokenURI is expected to return the json URI for an NFT with some metadata contents inside it but LEGEND_SNEK_URI stores the image URI of rare snek, resulting in tokenURI returning incorrect value.

Vulnerability Details

• The vulnerability has occurred due to LEGEND_SNEK_URI storing incorrect URI and is not the actual tokenURI of legend cosmic snek.

• LEGEND_SNEK_URI is mapped with LEGEND in mapping rarityToTokenURI, therefore the mapping also stores wrong URI for legend snek rarity.

• And along with that the function tokenURI is expected to return the token URI of a user's NFT associated with the token id, but mapping rarityToTokenURI storing incorrect tokenURI for legend rarity snek will result in tokenURI returning incorrect value.

Impact

• tokenURI returns incorrect value.

• User's who won legend cosmic snek will get the image of rare snek, as tokenURI will return the image of rare snek instead of the json metadata URI of legend snek.

Tools Used

Manual Review

Recommendations

• First upload the legend snek on ipfs to get its image ipfs hash, and then create the json metadata in the similar way as created for other snek's, then upload the json metadata on ipfs to get its ipfs hash.

• The ipfs hash of json metadata will be the actual LEGEND_SNEK_URI.