ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

wrong signature is used in `_callBaseUri` leading to get null base uri

AllTooWell

Summary

Wrong signature is used in _callBaseUri leading to get null base uri.

Vulnerability Details

TokenUtil.sol::_callBaseUri

bytes[2] memory encodedSignatures = [abi.encodeWithSignature("_baseUri()"), abi.encodeWithSignature("baseUri()")];

For ERC721, baseURI and _baseURI are widely used functions to get base URI.
For example, openzeppelin's ERC721:

function _baseURI() internal view virtual returns (string memory) {

return "";

}

The signature of baseURI and baseUri is different. And the siganature of _baseURI and _baseUri is different. The wrong signature is used here.

POC

remix:

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

contract Signature {

function getSignature_1() public pure returns (bytes memory) {

return abi.encodeWithSignature("baseUri()");

}

function getSignature_2() public pure returns (bytes memory) {

return abi.encodeWithSignature("baseURI()");

}

function getSignature_3() public pure returns (bytes memory) {

return abi.encodeWithSignature("_baseUri()");

}

function getSignature_4() public pure returns (bytes memory) {

return abi.encodeWithSignature("_baseURI()");

}

Output:

getSignature_1 → 0:bytes: 0x9abc8320

getSignature_2 → 0:bytes: 0x6c0360eb

getSignature_3 → 0:bytes: 0x3e63eb2a

getSignature_4 → 0:bytes: 0x743976a0

Impact

Wrong signature is used in _callBaseUri leading to get null base uri.

Tools Used

manual and remix

Recommendations

- bytes[2] memory encodedSignatures = [abi.encodeWithSignature("_baseUri()"), abi.encodeWithSignature("baseUri()")];

+ bytes[2] memory encodedSignatures = [abi.encodeWithSignature("_baseURI()"), abi.encodeWithSignature("baseURI()")];

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-baseUri-selector-instead-of-baseURI

Likelyhood: Medium, no token using OZ version 2.X and 3.X will work. Impact: Low, Valid standard token won’t be mint with the URI but owner can use ERC721UriImpl function on the deployed token.

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.