First Flight #11: Snek-Raffle

First Flight #11

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

`tokenURI` override is not compliant with the ERC721 standard

emacab98

Summary

The function tokenURI is overridden without adhering to the ERC721 standard, as it does not throw the expected errors, nor does it return the correct data type.

Vulnerability Details

In the list of functions exported from the ERC721 standard, there is a commented line, stating that one of the standard function will be overridden:
# ERC721.tokenURI, we are overriding this function

The natspec for the standard ERC721 tokenURI function is the following one:

@dev Returns the Uniform Resource Identifier (URI)

for `token_id` token.

@notice Throws if `token_id` is not a valid ERC-721 token.

@param token_id The 32-byte identifier of the token.

@return String The maximum 512-character user-readable string token URI of the `token_id` token.

However, looking at the overridden function, it is obvious that there are two implementation errors:

the function does not throw an error, but it actually returns a common rarity URI for non existing NFTs
the function returns a String[53] instead of the expected String[512]

To test that the function does not fail nor throw any error, the following test can be added to the test suite:

def test_tokenURI_doesNotThrow(raffle_boa):

supply = raffle_boa.totalSupply()

does_not_revert = raffle_boa.tokenURI(supply + 100)

Impact

The function is non-compliant with the ERC721 standard. The impact is twofold:

integrating into the existing environment will prove difficult, if the defined standard is not adhered to completely
the behavior and the returned values are logically wrong, as the function never fails, even for non-existing NFTs

Tools Used

Manual review, VSCode, Pytest

Recommendations

Fix the two issues that differ from standard, expected behavior.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Rewards breakdown

nSLOC

136

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.