DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: low
Invalid

`getTokenName` function doesn't properly handle tokens with non-string symbols.

Summary

Some tokens do not return a string for their metadata name/symbol, and the `getTokenName` function will always fail when it is queried for them. Querying the URI for these tokens will therefore be impossible. Some tokens don't have symbols at all.

Vulnerability Details

The protocol aims to work with all possible ERC-20 tokens, so getting the Beanstalk ERC1155 should ideally not be an issue for the protocol. However, the unpacked token may be a token like MKR, which has no string name or symbol and instead represents them in bytes32 format. Some tokens also do not have symbols at all. Both cases cause `getTokenName` to always fail, since it expects a string.

```solidity
function getTokenName(address token) internal view returns (string memory tokenString) {
    // for unripe LP, return `urLP` given the current unripe name is inaccurate.
    if (token == C.UNRIPE_LP) {
        tokenString = "urBEANLP";
    } else {
        tokenString = ERC20(token).symbol();
    }
}
```

Impact

Failure of the `getTokenName` function will cause the `uri` function in MetadataFacet.sol to always fail.
The function is also used in the `generateImage` function, where blackbars are created using the tokenName, which also calls the `getTokenName` function. As a result, generating images for these token types will be impossible.

Tools Used

Manual Review
Weird ERC20 tokens

Recommendations

Recommend wrapping the `getTokenName` call in a try/catch block, so that if the function fails, a custom string can be returned instead.
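
One way to implement this recommendation, as an added example that is not Beanstalk's code: Solidity's try/catch does not catch a failure to decode return data, so a bytes32 symbol would still revert inside `try ERC20(token).symbol()`, and the version below uses a low-level `staticcall` and checks the return layout before decoding. The library name `SafeSymbol`, the function `safeSymbol`, the `"UNKNOWN"` fallback string and the `^0.8.0` pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Added example, not Beanstalk code; SafeSymbol, safeSymbol and FALLBACK are hypothetical.
library SafeSymbol {
    string internal constant FALLBACK = "UNKNOWN"; // assumed custom string

    function safeSymbol(address token) internal view returns (string memory) {
        // Low-level staticcall: a revert gives ok == false instead of bubbling up.
        (bool ok, bytes memory data) =
            token.staticcall(abi.encodeWithSignature("symbol()"));
        // No symbol(), reverting token, or address without code (empty return data).
        if (!ok || data.length == 0) return FALLBACK;

        // bytes32-style symbol such as MKR: exactly one 32-byte word.
        if (data.length == 32) {
            return bytes32ToString(abi.decode(data, (bytes32)));
        }
        // ABI-encoded string: offset word, length word, then the payload.
        if (data.length >= 64) {
            (uint256 offset, uint256 len) = abi.decode(data, (uint256, uint256));
            // Validate the layout first so abi.decode below cannot revert.
            if (offset == 32 && len <= data.length - 64) {
                return abi.decode(data, (string));
            }
        }
        return FALLBACK;
    }

    // Copy bytes up to the first zero byte (right-padded bytes32 symbols).
    function bytes32ToString(bytes32 raw) private pure returns (string memory) {
        uint256 len = 0;
        while (len < 32 && raw[len] != bytes1(0)) len++;
        if (len == 0) return FALLBACK;
        bytes memory out = new bytes(len);
        for (uint256 i = 0; i < len; i++) out[i] = raw[i];
        return string(out);
    }
}
```

In `getTokenName`, the `else` branch would call `SafeSymbol.safeSymbol(token)` in place of `ERC20(token).symbol()`.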

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

Appeal created

inh3l Submitter
11 months ago
inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
