Wrong signature is used in _callBaseUri
leading to get null base uri.
TokenUtil.sol::_callBaseUri
For ERC721, baseURI
and _baseURI
are widely used functions to get base URI.
For example, openzeppelin's ERC721:
The signature of baseURI
and baseUri
is different. And the siganature of _baseURI
and _baseUri
is different. The wrong signature is used here.
remix:
Output:
getSignature_1 → 0:bytes: 0x9abc8320
getSignature_2 → 0:bytes: 0x6c0360eb
getSignature_3 → 0:bytes: 0x3e63eb2a
getSignature_4 → 0:bytes: 0x743976a0
Wrong signature is used in _callBaseUri
leading to get null base uri.
manual and remix
Likelyhood: Medium, no token using OZ version 2.X and 3.X will work. Impact: Low, Valid standard token won’t be mint with the URI but owner can use ERC721UriImpl function on the deployed token.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.