The tokenURI function is publicly accessible without access control, allowing any caller to interact with it.
The tokenURI function in FlowNFTDescriptor.sol is marked as external without any restrictions, allowing unrestricted access. While this does not currently present a security risk, it could become problematic if the function’s behavior is extended in the future to rely on sensitive data or generate unique data per user. Lack of access control in such a context could lead to data exposure or misuse by unauthorized parties.
If this function were to generate unique data for different callers, it could potentially expose sensitive information or lead to abuse by unauthorized users querying the function to retrieve or attempt to infer sensitive details.
The vulnerability lies in the lack of access control on the tokenURI function, which is marked as external and accessible by anyone. This configuration is safe under the current implementation but lacks future-proofing if the function’s role expands to include sensitive data.
The impact is currently low but may escalate to medium or high if this function is extended to include sensitive or user-specific data. Keeping it publicly accessible without restrictions could lead to data leakage or abuse.
To mitigate potential future risks, consider changing the function to internal or public and restricting it through an access control modifier if sensitive data handling is anticipated.
Implementing onlyOwner or another suitable access modifier restricts the function to specific authorized users.