Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: medium
Valid

`MondrianWallet::tokenURI` is neither random nor has equal distribution, allowing users to choose their URIs

Summary

The MondrianWallet::tokenURI return URI value should be random and have equal distribution. The way that it was implemented is neither of them, enabling users to choose their URIs.

Vulnerability Details

MondrianWallet::tokenURI should return one of the 4 random Mondrian art paintings with equal probability. However, it does not use any randomness to determine a tokenId's URI. This way, any user can choose which art they want by just choosing a tokenId that results in the desired art.

Furthermore, since the lines that define the art URI are:

uint256 modNumber = tokenId % 10;
if (modNumber == 0) {
return ART_ONE;
} else if (modNumber == 1) {
return ART_TWO;
} else if (modNumber == 2) {
return ART_THREE;
} else {
return ART_FOUR;
}

and there are 4 art URIs, one can easily notice there is way more "probability" to result in the 4th art URI than the others.

Impact

Users can easily choose their URI by choosing which tokenId to mint.

Tools Used

Manual review.

Recommendations

Use a strong randomness source, such as Chainlink's VRF. To make it have equal probability, take the resultant number from the VRF service and do it % 4 instead of % 10.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

NFT's should have equal distribution

NFTs are not random

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.