[M-1] Wrong Rarity of 4th URI in MondrianWallet::tokenURI
Description: The tokenURI function returns the URI for a given tokenId. Because there are only 4 URIs, the tokenId should be reduced modulo 4, not modulo 10.
Impact: This will cause URIs 1 to 3 to be rare (10% each, against 70% for the fourth), despite the protocol docs stating that all have the same rarity.
Proof of Concept:
function tokenURI(
    uint256 tokenId
) public view override returns (string memory) {
    if (ownerOf(tokenId) == address(0)) {
        revert MondrainWallet__InvalidTokenId();
    }
@>  uint256 modNumber = tokenId % 10;
    if (modNumber == 0) {
        return ART_ONE;
    } else if (modNumber == 1) {
        return ART_TWO;
    } else if (modNumber == 2) {
        return ART_THREE;
    } else {
        return ART_FOUR;
    }
}
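The branch above, modelled off-chain to tally which art each token ID receives. This is an added example, not code from the audited project; the helper names are hypothetical, and it assumes token IDs are assigned sequentially (from 0 by default), which the finding does not state.

```python
from collections import Counter

ARTS = ("ART_ONE", "ART_TWO", "ART_THREE", "ART_FOUR")


def pick_art(token_id: int, modulus: int) -> str:
    """Mirror the if/else chain in tokenURI for a given modulus."""
    mod_number = token_id % modulus
    if mod_number == 0:
        return "ART_ONE"
    if mod_number == 1:
        return "ART_TWO"
    if mod_number == 2:
        return "ART_THREE"
    # Every remaining residue (3..modulus-1) falls through to the else branch.
    return "ART_FOUR"


def tally(supply: int, modulus: int, first_id: int = 0) -> dict:
    """Count arts over `supply` sequential token IDs (assumed ID scheme)."""
    counts = Counter({art: 0 for art in ARTS})
    for token_id in range(first_id, first_id + supply):
        counts[pick_art(token_id, modulus)] += 1
    return dict(counts)


def max_skew(supply: int, modulus: int, first_id: int = 0) -> int:
    """Largest difference in token count between any two arts."""
    counts = tally(supply, modulus, first_id)
    return max(counts.values()) - min(counts.values())


if __name__ == "__main__":
    for modulus in (10, 4):
        counts = tally(1000, modulus)
        split = ", ".join(f"{art}={n / 10:.0f}%" for art, n in counts.items())
        print(f"tokenId % {modulus}: {split}")
    # A supply that is not a multiple of 4 is off by at most one token per art.
    print("skew with 1001 tokens, % 4:", max_skew(1001, 4))
```
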
Recommended Mitigation: Take tokenId modulo 4 instead of 10:
function tokenURI(
uint256 tokenId
) public view override returns (string memory) {
if (ownerOf(tokenId) == address(0)) {
revert MondrainWallet__InvalidTokenId();
}
- uint256 modNumber = tokenId % 10;
+ uint256 modNumber = tokenId % 4;
//@audit rarity is wrong 10% for 1 2 3 and 70% for 4
if (modNumber == 0) {
return ART_ONE;
} else if (modNumber == 1) {
return ART_TWO;
} else if (modNumber == 2) {
return ART_THREE;
} else {
return ART_FOUR;
}
}
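Review bot: the `//@audit rarity is wrong 10% for 1 2 3 and 70% for 4` comment sits directly under the new `tokenId % 4` line, so in the patched function it describes behaviour that no longer exists; drop it from the fix or attach it to the removed `% 10` line instead. The equal split after this change also depends on token IDs being spread evenly across residues 0 to 3 (for example, assigned sequentially), which these lines do not show, so a test that mints a multiple of four tokens and counts each returned URI would be worth adding alongside the patch.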