Submission Details
Severity: medium
Valid

`MondrianWallet.sol::tokenURI` does not give a random or equal distribution of the Mondrian art paintings.

Summary

MondrianWallet.sol does not give a verifiably random or equal distribution of the Mondrian art paintings.

Vulnerability Details

Currently there is a 10% chance for ART_ONE, ART_TWO, and ART_THREE and a 70% chance for ART_FOUR.

```solidity
function tokenURI(uint256 tokenId) public view override returns (string memory) {
    if (ownerOf(tokenId) == address(0)) {
        revert MondrainWallet__InvalidTokenId();
    }
@>  uint256 modNumber = tokenId % 4;
    if (modNumber == 0) {
        return ART_ONE;
    } else if (modNumber == 1) {
        return ART_TWO;
    } else if (modNumber == 2) {
        return ART_THREE;
    } else {
        return ART_FOUR;
    }
}
```

Impact

As per the documentation, you should get a random Mondrian art painting NFT when you use the MondrianWallet. The painting should be random, and the four types should be equally distributed: each painting should have a 25% chance of being selected.

Tools Used

Foundry/Hardhat

Recommendations

Use an oracle service such as Chainlink VRF to obtain a random number, and select the painting from it so that each Mondrian art painting is chosen randomly and with equal probability.
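One way to implement this recommendation, as an added example rather than code from the submission or the MondrianWallet project. The coordinator interface and the `rawFulfillRandomWords` callback follow the shape of Chainlink VRF v2; the contract name, storage names, confirmation count and gas limit are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example. Function shape follows Chainlink VRF v2's coordinator; other names are hypothetical.
interface IVRFCoordinatorV2 {
    function requestRandomWords(bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords) external returns (uint256 requestId);
}

abstract contract RandomArtSelector {
    error OnlyCoordinator();
    error ArtNotAssigned();

    IVRFCoordinatorV2 private immutable i_coordinator;
    bytes32 private immutable i_keyHash;
    uint64 private immutable i_subId;
    mapping(uint256 => uint256) private s_requestToToken; // requestId => tokenId
    mapping(uint256 => uint8) private s_artPlusOne;       // tokenId => art index + 1 (0 = pending)

    constructor(address coordinator, bytes32 keyHash, uint64 subId) {
        i_coordinator = IVRFCoordinatorV2(coordinator);
        i_keyHash = keyHash;
        i_subId = subId;
    }

    // Call from the mint path: the painting stays unknown until the VRF callback lands.
    // 3 confirmations and a 100k gas callback limit are assumed values.
    function _requestArt(uint256 tokenId) internal {
        uint256 requestId = i_coordinator.requestRandomWords(i_keyHash, i_subId, 3, 100_000, 1);
        s_requestToToken[requestId] = tokenId;
    }

    // Entry point the coordinator calls with the verified random words.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        if (msg.sender != address(i_coordinator)) revert OnlyCoordinator();
        uint256 tokenId = s_requestToToken[requestId];
        delete s_requestToToken[requestId];
        // 2^256 is divisible by 4, so % 4 introduces no modulo bias.
        s_artPlusOne[tokenId] = uint8(randomWords[0] % 4) + 1;
    }

    // Returns 0..3 once assigned; reverts while the VRF request is still pending.
    function artIndex(uint256 tokenId) public view returns (uint8) {
        uint8 stored = s_artPlusOne[tokenId];
        if (stored == 0) revert ArtNotAssigned();
        return stored - 1;
    }
}
```

With this in place, `tokenURI` would branch on `artIndex(tokenId)` instead of `tokenId % 4`, so the painting no longer follows from the token ID.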

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

NFT's should have equal distribution

NFTs are not random
