Beginner Friendly, Foundry
Submission Details
Severity: low
Invalid

Overflow of tokenId in tokenURI function

Summary

The function tokenURI doesn't check for integer overflows.

Vulnerability Details

The function tokenURI doesn't check for integer overflows when calculating the art. Say the function tokenURI is called with the parameter -1 as tokenId.
This leads to a calculation as follows:

uint256 modNumber = -1 % 10;

which equals this massive number: 115792089237316195423570985008687907853269984665640564039457584007913129639935

Impact

Breaks the randomness of the NFT that the protocol claims to achieve, as a user who passes a negative number will always get ART_FOUR.

Tools Used

Manual review

Recommendations

There should be a check to prevent calling the function with a negative number, i.e.:
require(tokenId > 0, "token Id has to be greater than 0 to prevent overflows!");

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
