Zaros Part 1

Zaros

DeFiFoundry

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing Metadata in `AccountNFT.sol` Contract

ua1552

Summary

There is no metadata available for the AccountNFT.sol.

Vulnerability Details

The NFT metadata includes details about the NFT, such as the NFT image, features, and other information. However, this metadata is currently missing in AccountNFT.sol. Metadata is crucial for displaying NFTs on NFT marketplaces and other DApps. Since this NFT represents the user's position, it should include a tokenURI for proper functionality.

// SPDX-License-Identifier: UNLICENSED

pragma solidity 0.8.25;

// Zaros dependencies

import { IPerpsEngine } from "@zaros/perpetuals/PerpsEngine.sol";

// Open Zeppelin dependencies

import { ERC721, ERC721Enumerable } from "@openzeppelin/token/ERC721/extensions/ERC721Enumerable.sol";

import { Ownable } from "@openzeppelin/access/Ownable.sol";

import { SafeCast } from "@openzeppelin/utils/math/SafeCast.sol";

contract AccountNFT is ERC721Enumerable, Ownable {

using SafeCast for uint256;

constructor(string memory name, string memory symbol, address owner) ERC721(name, symbol) Ownable(owner) { }

function mint(address to, uint256 tokenId) external onlyOwner {

// intentionally not using _safeMint

_mint(to, tokenId);

}

function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) {

address previousOwner = super._update(to, tokenId, auth);

IPerpsEngine(owner()).notifyAccountTransfer(to, tokenId.toUint128());

return previousOwner;

}

Impact

Without metadata, the NFT image and features will be displayed as blank on NFT marketplaces, and there is a risk that the NFT might not be displayed at all.

Tools Used

Manual Review

Recommendations

Add a tokenURI function to the AccountNFT.sol contract to include the necessary metadata for proper NFT representation on marketplaces and other DApps.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,878

21 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!