Severity: medium
Valid

Wrong Rarity of 4th URI in `MondrianWallet::tokenURI`

[M-1] Wrong Rarity of 4th URI in MondrianWallet::tokenURI

Description: The `tokenURI` function returns the URI for any given `tokenId`, but since there are only 4 URIs, the `tokenId` should be reduced modulo 4, not 10.

Impact: This will cause URIs 1 to 3 to be rare, despite the protocol docs stating that all have the same rarity.

Proof of Concept:

```solidity
    function tokenURI(
        uint256 tokenId
    ) public view override returns (string memory) {
        if (ownerOf(tokenId) == address(0)) {
            revert MondrainWallet__InvalidTokenId();
        }
@>      uint256 modNumber = tokenId % 10;
        //@audit rarity is wrong 10% for 1 2 3 and 70% for 4
        if (modNumber == 0) {
            return ART_ONE;
        } else if (modNumber == 1) {
            return ART_TWO;
        } else if (modNumber == 2) {
            return ART_THREE;
        } else {
            return ART_FOUR;
        }
    }
```
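
A Foundry test that quantifies the skew described above, as an added example that is not part of the original submission or of the MondrianWallet code base. The contract name, `_artIndex`, `_histogram` and the 1000-ID sample are assumptions made for illustration; `_artIndex` mirrors the branch logic of `tokenURI` instead of calling the real contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example: all names below are hypothetical and not part of MondrianWallet.
contract UriDistributionTest is Test {
    uint256 internal constant SAMPLE = 1000; // constructed sample: token IDs 0..999

    // Mirrors the branch logic of tokenURI; returns 0..3 for ART_ONE..ART_FOUR.
    // The modulus is a parameter so both variants can be measured.
    function _artIndex(uint256 tokenId, uint256 modulus) internal pure returns (uint256) {
        uint256 modNumber = tokenId % modulus;
        if (modNumber == 0) {
            return 0;
        } else if (modNumber == 1) {
            return 1;
        } else if (modNumber == 2) {
            return 2;
        } else {
            return 3;
        }
    }

    // Counts how many of the first SAMPLE token IDs map to each of the four URIs.
    function _histogram(uint256 modulus) internal pure returns (uint256[4] memory counts) {
        for (uint256 id = 0; id < SAMPLE; id++) {
            counts[_artIndex(id, modulus)]++;
        }
    }

    // Modulus 10: residues 0, 1, 2 hit one URI each, residues 3..9 all hit the fourth.
    function test_Mod10IsSkewed() public {
        uint256[4] memory c = _histogram(10);
        assertEq(c[0], 100);
        assertEq(c[1], 100);
        assertEq(c[2], 100);
        assertEq(c[3], 700);
    }

    // Modulus 4: every residue maps to exactly one URI, so the split is even.
    function test_Mod4IsUniform() public {
        uint256[4] memory c = _histogram(4);
        for (uint256 i = 0; i < 4; i++) {
            assertEq(c[i], 250);
        }
    }
}
```
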

Recommended Mitigation: Take `tokenId` modulo 4 instead of 10:

function tokenURI(
uint256 tokenId
) public view override returns (string memory) {
if (ownerOf(tokenId) == address(0)) {
revert MondrainWallet__InvalidTokenId();
}
- uint256 modNumber = tokenId % 10;
+ uint256 modNumber = tokenId % 4;
//@audit rarity is wrong 10% for 1 2 3 and 70% for 4
if (modNumber == 0) {
return ART_ONE;
} else if (modNumber == 1) {
return ART_TWO;
} else if (modNumber == 2) {
return ART_THREE;
} else {
return ART_FOUR;
}
}
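
Review bot: The context line `//@audit rarity is wrong 10% for 1 2 3 and 70% for 4` directly below the changed line no longer holds once the modulus is 4 and should be dropped from the fixed function. The literal `4` is also coupled to the number of `ART_*` branches; a named constant for the URI count would make that dependency explicit, so the modulus and the branch list cannot drift apart again.
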
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

NFT's should have equal distribution
