Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: medium
Invalid

Hardcoded SVG Limits Flexibility in tokenURI

Summary

The tokenURI function in FlowNFTDescriptor.sol contains a hardcoded SVG image, limiting customization options for different NFTs.

Vulnerability Details

The hardcoded SVG data within the tokenURI function restricts flexibility, as each NFT generated will display the same image. This approach limits the ability to represent unique characteristics based on parameters like streamId or sablierFlow.

Impact

This lack of customization reduces the NFT's adaptability and uniqueness, which could affect its value and utility within dynamic applications.

Proof of Concept

Each call to tokenURI returns the same base64-encoded SVG, regardless of streamId or sablierFlow values.

Recommendations

Consider dynamically generating the SVG based on streamId or other parameters to support unique visuals for each NFT.
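
The claim in the Proof of Concept can be checked off-chain by decoding the returned URIs and comparing the embedded images. The following is an added example, not part of the submission or of Sablier's code. It assumes tokenURI returns a `data:application/json;base64,` URI whose `image` field holds a `data:image/svg+xml;base64,` SVG; the sample URIs and the `make_uri` helper are constructed for illustration.

```python
import base64
import hashlib
import json
from collections import defaultdict

# Assumed data-URI layout (not confirmed by the page).
JSON_PREFIX = "data:application/json;base64,"
SVG_PREFIX = "data:image/svg+xml;base64,"


def extract_svg(token_uri: str) -> bytes:
    """Decode a data-URI tokenURI and return the raw SVG bytes of its image."""
    if not token_uri.startswith(JSON_PREFIX):
        raise ValueError("tokenURI is not a base64 JSON data URI")
    payload = base64.b64decode(token_uri[len(JSON_PREFIX):], validate=True)
    image = json.loads(payload).get("image", "")
    if not image.startswith(SVG_PREFIX):
        raise ValueError("image field is not a base64 SVG data URI")
    return base64.b64decode(image[len(SVG_PREFIX):], validate=True)


def group_by_image(uris: dict[int, str]) -> dict[str, list[int]]:
    """Map the SHA-256 of each decoded SVG to the stream IDs that share it."""
    groups = defaultdict(list)
    for stream_id, uri in sorted(uris.items()):
        groups[hashlib.sha256(extract_svg(uri)).hexdigest()].append(stream_id)
    return dict(groups)


def make_uri(svg: str) -> str:
    """Build a constructed tokenURI in the assumed layout (sample data only)."""
    image = SVG_PREFIX + base64.b64encode(svg.encode()).decode()
    body = json.dumps({"name": "constructed", "image": image}).encode()
    return JSON_PREFIX + base64.b64encode(body).decode()


# Constructed samples: a descriptor that ignores streamId, and one that embeds it.
STATIC = {i: make_uri("<svg><text>stream</text></svg>") for i in (1, 2, 3)}
DYNAMIC = {i: make_uri(f"<svg><text>stream {i}</text></svg>") for i in (1, 2, 3)}

if __name__ == "__main__":
    for label, sample in (("static", STATIC), ("dynamic", DYNAMIC)):
        groups = group_by_image(sample)
        print(label, "distinct images:", len(groups), list(groups.values()))
```

A single group containing every stream ID confirms the behaviour the submission describes; one group per ID indicates per-stream artwork.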

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
