Trick or Treat

Summary

The symbol "SPKY" is passed directly into the ERC721 constructor, but is not defined as a variable or stored in your contract. To store and access it later in your own contract code, you can add a symbol variable.

Vulnerability Details

The contract lacks a defined symbol variable, yet it references "SPKY" as a symbol in the ERC721 constructor. This could lead to confusion, as the symbol is hardcoded and not stored in a variable accessible to the contract's functions.

Impact

The absence of a defined symbol may cause incompatibility with external applications that rely on a standardized symbol variable in ERC721 contracts. This could lead to unexpected errors or failure of integrations that attempt to read the token symbol directly from the contract.

Tools Used

Manual Review

Recommendations

• Add a Symbol Variable: Define string public symbol = "SPKY"; within the contract to make the symbol accessible for external interactions.

• Pass Variable to ERC721 Constructor: Use ERC721("SpookyTreats", symbol) in the constructor, referencing the new symbol variable for consistency and clarity across the contract.

  contract SpookySwap is ERC721URIStorage, Ownable, ReentrancyGuard {

  uint256 public nextTokenId;

  string public symbol = "SPKY"; // Define symbol variable

  mapping(string => Treat) public treatList;

  string[] public treatNames;

  struct Treat {

  string name;

  uint256 cost; // Cost in ETH (in wei) to get one treat

  string metadataURI; // URI for the NFT metadata

  }