The Ethereum bridge does not set the token URIs if the information has been sent
Summary
The Ethereum bridge does not set the token URIs if the information has been sent
Vulnerability Details
Looking into the Starknet implementation when an NFT is not escrowed (it means that it has been deployed by the bridge), if the token URIs from the request are set, it mints the NFTs and also sets the URI from the request. However, in the Ethereum implementation, if the Starknet bridge sent him the token URIs, it just mints the NFTs but without setting the token URIs.
Impact
Low
Tools Used
Manual review
Recommendations
Add the same functionality to the Ethereum bridge.
Lead Judging Commences
invalid-NFT-minted-without-baseURI-URIs-or-bridge-with-no-metadata
URI is not lost on the origin chain and it can be modified with `ERC721UriImpl`. As explained in the TODO below, that’s a design choice and it will be implemented as a future feature. https://github.com/Cyfrin/2024-07-ark-project/blob/main/apps/blockchain/ethereum/src/Bridge.sol#L206 `ERC721Bridgable` is out of scope.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.