tokenURI
returns the URI of a token. However, the function has several problems:
It returns a URI for an arbitrary tokenId rather than for the token owned by the wallet, so a caller can query any id, minted or not.
Randomness is just tokenId % 10, which lets any user create several wallets, or simply wait, until they get the image they want: tokenIds are assigned sequentially, so by watching the mempool it is easy to anticipate the next tokenId and therefore the painting it will receive.
The documentation specifies that every painting has the same probability of being distributed. The code takes tokenId modulo 10 and distributes ART_FOUR whenever the result is not 0, 1 or 2, so ART_FOUR has a 7/10 chance and each of the other three paintings only a 1/10 chance. That is not equal probability.
Likelihood: High (the issue is triggered on every wallet creation).
Impact:
Probabilities are not fair.
Randomness is easily predictable.
Use a verifiable randomness oracle to generate the random number instead of deriving it from tokenId.
Use modulo 4 so that the four paintings are distributed with equal probability.
Return the URI of the token owned by the wallet, and make the NFT soulbound so that a token cannot be moved between wallets.
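The following is an added illustration written for this finding; it is not the audited project's code. ArtNftVulnerable reproduces the reported pattern (tokenId % 10, with ART_FOUR for every residue other than 0, 1 and 2, and a tokenURI that accepts any id). ArtNftHardened applies the three recommendations: the painting is chosen from an oracle-delivered random word modulo 4, the URI can be looked up by wallet, and transfers are blocked. OpenZeppelin Contracts v5 is assumed as the ERC721 base; IRandomnessOracle, the four URIs, and all contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Shared painting catalogue. The four URIs are hypothetical.
abstract contract ArtCatalog {
    string internal constant ART_ONE = "ipfs://art-one";
    string internal constant ART_TWO = "ipfs://art-two";
    string internal constant ART_THREE = "ipfs://art-three";
    string internal constant ART_FOUR = "ipfs://art-four";

    // Indices 0, 1, 2 select the first three paintings; anything else selects ART_FOUR.
    function _art(uint256 index) internal pure returns (string memory) {
        if (index == 0) return ART_ONE;
        if (index == 1) return ART_TWO;
        if (index == 2) return ART_THREE;
        return ART_FOUR;
    }
}

// Reproduces the reported pattern (illustration, not the audited code).
contract ArtNftVulnerable is ERC721, ArtCatalog {
    uint256 public nextTokenId;

    constructor() ERC721("Art", "ART") {}

    // nextTokenId is public and increments in order: a mempool watcher knows
    // which id (and so which painting) a pending mint will receive.
    function mint() external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        _safeMint(msg.sender, tokenId);
    }

    // Accepts any tokenId, minted or not, owned by the caller or not, and maps
    // residues 3..9 to ART_FOUR: 7/10 for ART_FOUR, 1/10 for each of the others.
    function tokenURI(uint256 tokenId) public pure override returns (string memory) {
        return _art(tokenId % 10);
    }
}

// Stand-in for a verifiable randomness oracle (assumption, not a real API):
// requestRandomWord() returns a request id; the oracle later calls fulfillRandomWord.
interface IRandomnessOracle {
    function requestRandomWord() external returns (uint256 requestId);
}

contract ArtNftHardened is ERC721, ArtCatalog {
    error AlreadyMinted();
    error NotOracle();
    error UnknownRequest();
    error NoToken();
    error NotRevealed();
    error Soulbound();

    IRandomnessOracle public immutable oracle;
    uint256 public nextTokenId = 1;                       // id 0 is reserved for "no token"
    mapping(address => uint256) private _tokenOfWallet;
    mapping(uint256 => uint256) private _tokenOfRequest;
    mapping(uint256 => uint256) private _artOfToken;      // art index + 1; 0 = not yet revealed

    constructor(IRandomnessOracle oracle_) ERC721("Art", "ART") {
        oracle = oracle_;
    }

    // One token per wallet; the painting is unknown until the oracle answers,
    // so neither the minter nor a mempool watcher can pick it.
    function mint() external returns (uint256 tokenId) {
        if (_tokenOfWallet[msg.sender] != 0) revert AlreadyMinted();
        tokenId = nextTokenId++;
        _tokenOfWallet[msg.sender] = tokenId;
        _tokenOfRequest[oracle.requestRandomWord()] = tokenId;
        _safeMint(msg.sender, tokenId);
    }

    // Oracle callback: randomWord % 4 gives each of the four paintings a 1/4 chance.
    function fulfillRandomWord(uint256 requestId, uint256 randomWord) external {
        if (msg.sender != address(oracle)) revert NotOracle();
        uint256 tokenId = _tokenOfRequest[requestId];
        if (tokenId == 0 || _artOfToken[tokenId] != 0) revert UnknownRequest();
        _artOfToken[tokenId] = (randomWord % 4) + 1;
    }

    // The URI of the token owned by a wallet, rather than of an arbitrary id.
    function walletURI(address wallet) external view returns (string memory) {
        uint256 tokenId = _tokenOfWallet[wallet];
        if (tokenId == 0) revert NoToken();
        return tokenURI(tokenId);
    }

    function tokenURI(uint256 tokenId) public view override returns (string memory) {
        _requireOwned(tokenId);                           // reverts for ids that were never minted
        uint256 art = _artOfToken[tokenId];
        if (art == 0) revert NotRevealed();
        return _art(art - 1);
    }

    // Soulbound: minting (no current owner) is allowed; transfers and burns are not.
    function _update(address to, uint256 tokenId, address auth)
        internal override returns (address)
    {
        if (_ownerOf(tokenId) != address(0)) revert Soulbound();
        return super._update(to, tokenId, auth);
    }
}
```

In the hardened variant the painting is committed only in the oracle callback, so the residue an attacker could predict from the next tokenId no longer determines anything; the modulo 4 over a full-width random word leaves a negligible bias, unlike the 7/10 skew of the original mapping.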