The function tokenURI doesn't check for integer overflows.
The function tokenURI doesn't check for integer overflows when calculating the art. Say the function tokenURI is called with the parameter -1 as tokenId.
This leads to a calculation as follows:
uint256 modNumber = -1 % 10;
which equals this massive number: 115792089237316195423570985008687907853269984665640564039457584007913129639935
This breaks the randomness of the NFT that the protocol claims to achieve, as a user who passes a negative number will always get ART_FOUR.
Manual review
There should be a check to prevent calling the function with a negative number, i.e.:
require(tokenId > 0, "token Id has to be greater than 0 to prevent overflows!");