Sablier

DeFiFoundry
53,440 USDC
Submission Details
Severity: medium
Invalid

tokenURI does not comply with ERC721 - Metadata specification

Summary

According to the standard, the tokenURI method must revert if a non-existent tokenId is passed. In the SablierV2NFTDescriptor.sol contract, this point was ignored, which leads to a violation of the EIP-721 spec.

Vulnerability Details

The responsibility for checking whether a token exists is missing from the SablierV2NFTDescriptor implementation:

    function tokenURI(IERC721Metadata sablier, uint256 streamId) external view override returns (string memory uri) {
        TokenURIVars memory vars;
        // Load the contracts.
        vars.sablier = ISablierV2Lockup(address(sablier));
        vars.sablierModel = mapSymbol(sablier);
        vars.sablierStringified = address(sablier).toHexString();
        vars.asset = address(vars.sablier.getAsset(streamId));
        vars.assetSymbol = safeAssetSymbol(vars.asset);
        vars.depositedAmount = vars.sablier.getDepositedAmount(streamId);
        ....
        .....

Impact

According to the standard, the tokenURI method must revert if a non-existent tokenId is passed. In the contract, this requirement was overlooked, leading to a violation of the EIP-721 specification.

Tools Used

https://eips.ethereum.org/EIPS/eip-721#specification

Recommendations

Add a check for NFT id existence.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
