Symbol "SPKY"
Summary
The symbol "SPKY" is passed directly into the ERC721 constructor, but is not defined as a variable or stored in your contract. To store and access it later in your own contract code, you can add a symbol variable.
Vulnerability Details
The contract lacks a defined symbol variable, yet it references "SPKY" as a symbol in the ERC721 constructor. This could lead to confusion, as the symbol is hardcoded and not stored in a variable accessible to the contract's functions.
Impact
The absence of a defined symbol may cause incompatibility with external applications that rely on a standardized symbol variable in ERC721 contracts. This could lead to unexpected errors or failure of integrations that attempt to read the token symbol directly from the contract.
Tools Used
Manual Review
Recommendations
Add a Symbol Variable: Define
string public symbol = "SPKY";within the contract to make the symbol accessible for external interactions.
-
Pass Variable to ERC721 Constructor: Use
ERC721("SpookyTreats", symbol)in the constructor, referencing the newsymbolvariable for consistency and clarity across the contract.contract SpookySwap is ERC721URIStorage, Ownable, ReentrancyGuard {uint256 public nextTokenId;string public symbol = "SPKY"; // Define symbol variablemapping(string => Treat) public treatList;string[] public treatNames;struct Treat {string name;uint256 cost; // Cost in ETH (in wei) to get one treatstring metadataURI; // URI for the NFT metadata}
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.