Summary

MondrianWallet::tokenURI uses a modulo operation to assign NFT artworks based on the token ID, which results in an unequal distribution of the artworks, particularly impacting the availability of ART_FOUR.

Vulnerability Details

MondrianWallet::tokenURI is designed to return a URI for a Mondrian art piece associated with a specific NFT token ID. It employs a modulo operation (tokenId % 10) to select one of four art URIs. However, due to this method, the distribution of the art pieces becomes uneven. Specifically, ART_FOUR will be over-represented compared to the other artworks, because all token IDs resulting in a remainder of 3 to 9 (7 out of 10 possibilities) will be assigned ART_FOUR.

Impact

This uneven distribution might lead to diminished value or interest in more frequently assigned artworks, potentially affecting the perceived rarity and value of the NFTs.

Tools Used

Manual review

Recommendations

To ensure an equal distribution of artworks, consider modifying the modNumber calculation to cycle through the art pieces evenly:

Adjusting the modulo operation from % 10 to % 4 ensures each artwork is assigned to exactly 25% of the token IDs.