NFTBridge
60,000 USDC
Submission Details
Severity: low
Valid

Using wrong function signatures `_baseUri()` and `baseUri()`

Summary

When the base URI is computed, the wrong function signatures are used, so fetching the base URI always fails and the token URIs are used instead. As a result, an empty base URI is forwarded to L2 (even though the NFT may have a valid base URI), and the L2 collection is deployed with an incorrect base URI.

Vulnerability Details

When the function `_callBaseUri` is called, the wrong signatures `_baseUri()` and `baseUri()` are used.

```solidity
bytes[2] memory encodedSignatures = [abi.encodeWithSignature("_baseUri()"), abi.encodeWithSignature("baseUri()")];
```

https://github.com/Cyfrin/2024-07-ark-project/blob/main/apps/blockchain/ethereum/src/token/TokenUtil.sol#L150

However, the standard function signatures are `_baseURI()` and `baseURI()`:
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol#L88-L102
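
The failure mode described above, as an added example that is not part of the original submission or the bridge's code: a low-level `staticcall` with a selector the token does not implement returns `success == false`, so the caller falls through to its fallback. `MockToken`, `BaseUriProbe`, `probe`, `demo` and the example URL are hypothetical names constructed for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed mock token that exposes baseURI() publicly (assumption for the demo).
contract MockToken {
    function baseURI() external pure returns (string memory) {
        return "https://example.invalid/meta/";
    }
}

// Hypothetical probe, not the project's TokenUtil.
contract BaseUriProbe {
    // Static-call `token` with the given signature and decode a string result.
    function probe(address token, string memory signature)
        public
        view
        returns (bool ok, string memory uri)
    {
        (bool success, bytes memory ret) =
            token.staticcall(abi.encodeWithSignature(signature));

        // A selector the token does not implement reverts (no fallback),
        // so success is false. An address without code returns success
        // with empty data, which the length check rejects: an ABI-encoded
        // string needs at least an offset word and a length word.
        if (!success || ret.length < 64) {
            return (false, "");
        }
        return (true, abi.decode(ret, (string)));
    }

    // Returns (false, true, "https://example.invalid/meta/"):
    // "baseUri()" and "baseURI()" hash to different 4-byte selectors,
    // so only the correctly cased signature reaches the function.
    function demo()
        external
        returns (bool wrongOk, bool rightOk, string memory uri)
    {
        address token = address(new MockToken());
        (wrongOk, ) = probe(token, "baseUri()");
        (rightOk, uri) = probe(token, "baseURI()");
    }
}
```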

Impact

  • Using the wrong signatures causes the wrong base URI to be forwarded to L2, so the L2 collection is deployed with an incorrect base URI.

Tools Used

Recommendations

bool success;
uint256 returnSize;
uint256 returnValue;
bytes memory ret;
- bytes[2] memory encodedSignatures = [abi.encodeWithSignature("_baseUri()"), abi.encodeWithSignature("baseUri()")];
+ bytes[2] memory encodedSignatures = [abi.encodeWithSignature("_baseURI()"), abi.encodeWithSignature("baseURI()")];
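
Review bot: On the `+` line, the first entry `_baseURI()` will not match OpenZeppelin-based tokens: in the ERC721.sol linked above, `_baseURI()` is declared `internal`, so it has no externally callable selector and that probe can only succeed on tokens that happen to expose a public function with that name. The `baseURI()` entry is the one that can match. Suggest adding a test with a mock token exposing `baseURI()` that asserts the returned string is non-empty, and a comment on the array stating why each signature is probed, since a one-letter case difference silently changes the selector and the token-URI fallback hides the failure.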
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-baseUri-selector-instead-of-baseURI

Likelihood: Medium, no token using OZ version 2.X and 3.X will work. Impact: Low, a valid standard token won’t be minted with the URI, but the owner can use the ERC721UriImpl function on the deployed token.
