Submission Details
Severity: low
Invalid

`tokenURI` override is not compliant with the ERC721 standard

Summary

The function tokenURI is overridden without adhering to the ERC721 standard, as it does not throw the expected errors, nor does it return the correct data type.

Vulnerability Details

In the list of functions exported from the ERC721 standard, there is a commented line stating that one of the standard functions will be overridden:

```
# ERC721.tokenURI, we are overriding this function
```

The natspec for the standard ERC721 tokenURI function is the following one:

```
@dev Returns the Uniform Resource Identifier (URI)
     for `token_id` token.
@notice Throws if `token_id` is not a valid ERC-721 token.
@param token_id The 32-byte identifier of the token.
@return String The maximum 512-character user-readable string token URI of the `token_id` token.
```

However, looking at the overridden function, it is obvious that there are two implementation errors:

  1. the function does not throw an error, but it actually returns a common rarity URI for non-existing NFTs

  2. the function returns a `String[53]` instead of the expected `String[512]`

To test that the function does not fail nor throw any error, the following test can be added to the test suite:

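```python
def test_tokenURI_doesNotThrow(raffle_boa):
    # raffle_boa is the deployed-contract fixture from the project's test suite.
    supply = raffle_boa.totalSupply()
    # A token id well past the current supply has never been minted,
    # yet this call completes instead of reverting.
    does_not_revert = raffle_boa.tokenURI(supply + 100)
```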
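The test above only shows that the call completes. As an added example (not part of the original submission or the audited project), the probe below turns the check into a result that can be asserted on: it lists every unminted id for which `tokenURI` returned a URI instead of reverting. The two stand-in classes, the exception name and the URIs are constructed for illustration, and it assumes ids at or above `totalSupply()` are unminted, as the test above does.

```python
COMMON_URI = "ipfs://constructed-common"  # constructed placeholder
RARE_URI = "ipfs://constructed-rare"      # constructed placeholder


class NonexistentToken(Exception):
    """Hypothetical stand-in for the revert a compliant tokenURI raises."""


class LenientToken:
    """Models the reported behaviour: unknown ids fall back to the common URI."""

    def __init__(self, rarity_by_id):
        self._rarity = list(rarity_by_id)  # index = token id

    def totalSupply(self):
        return len(self._rarity)

    def tokenURI(self, token_id):
        minted = 0 <= token_id < len(self._rarity)
        rare = minted and self._rarity[token_id] == "rare"
        return RARE_URI if rare else COMMON_URI


class StrictToken(LenientToken):
    """Models the behaviour the natspec describes: throw for invalid ids."""

    def tokenURI(self, token_id):
        if not 0 <= token_id < self.totalSupply():
            raise NonexistentToken(token_id)
        return super().tokenURI(token_id)


def unminted_ids_with_uri(contract, offsets=(0, 1, 100)):
    """Return (token_id, uri) for each unminted id that did not revert.

    Works on any object exposing totalSupply() and tokenURI().
    An empty list means every probed id was rejected.
    """
    supply = contract.totalSupply()
    leaked = []
    for offset in offsets:
        token_id = supply + offset
        try:
            uri = contract.tokenURI(token_id)
        except Exception:
            continue  # call reverted, which is the expected outcome
        leaked.append((token_id, uri))
    return leaked
```

A regression test then reduces to asserting that `unminted_ids_with_uri(contract)` is empty.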

Impact

The function is non-compliant with the ERC721 standard. The impact is twofold:

  1. integrating into the existing environment will prove difficult, if the defined standard is not adhered to completely

  2. the behavior and the returned values are logically wrong, as the function never fails, even for non-existing NFTs

Tools Used

Manual review, VSCode, Pytest

Recommendations

Fix the two issues that differ from standard, expected behavior.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
