The URI returned by MondrianWallet::tokenURI should be random and equally distributed. The implementation is neither, which lets users choose their URIs.
MondrianWallet::tokenURI should return one of the 4 random Mondrian art paintings with equal probability. However, it does not use any randomness to determine a tokenId's URI. This way, any user can choose which art they want by just choosing a tokenId that results in the desired art.
Furthermore, since the lines that define the art URI are:
and there are 4 art URIs, one can easily notice there is way more "probability" to result in the 4th art URI than the others.
Users can easily choose their URI by choosing which tokenId to mint.
Manual review.
Use a strong randomness source, such as Chainlink's VRF. To give each URI equal probability, reduce the number returned by the VRF service with % 4 instead of % 10.
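The skew and the effect of the recommended change can be measured off-chain. The following is an added example, not code from the MondrianWallet contract: it assumes the flawed selection sends residues 0-2 of tokenId % 10 to the first three pieces and all other residues to the fourth, and the ART_n labels are placeholders.

```python
from collections import Counter
from fractions import Fraction

# Placeholder labels for the four art URIs (not the contract's constants).
ARTS = ("ART_1", "ART_2", "ART_3", "ART_4")


def art_flawed(token_id: int) -> str:
    """Assumed shape of the reported logic: index derived from tokenId % 10.

    Residues 0-2 select the first three pieces; residues 3-9 all fall
    through to the fourth. No randomness is involved.
    """
    residue = token_id % 10
    return ARTS[residue] if residue < 3 else ARTS[3]


def art_fixed(random_word: int) -> str:
    """Recommended shape: reduce an unpredictable random word with % 4."""
    return ARTS[random_word % 4]


def distribution(selector, inputs) -> dict:
    """Exact share of each art piece over the given selector inputs."""
    counts = Counter(selector(i) for i in inputs)
    total = sum(counts.values())
    return {art: Fraction(counts[art], total) for art in ARTS}


def modulo_bias(modulus: int, bits: int = 256) -> int:
    """How many residues occur one extra time when a uniform `bits`-bit
    word is reduced mod `modulus`. 0 means the reduction is exactly uniform."""
    return (1 << bits) % modulus


if __name__ == "__main__":
    # Constructed inputs: consecutive integers stand in for token IDs and,
    # for the fixed selector, for the residues a random word can take.
    ids = range(1000)
    print("tokenId % 10:", distribution(art_flawed, ids))
    print("word % 4:    ", distribution(art_fixed, ids))
    print("bias of % 4 on uint256: ", modulo_bias(4))
    print("bias of % 10 on uint256:", modulo_bias(10))
```

Because 4 divides 2^256, reducing a uniform 256-bit random word with % 4 introduces no modulo bias, whereas % 10 leaves a small residual bias even with a good randomness source.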