GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Lack of Input Validation in `_createTokenURI`

Root Cause and Impact

  • Root Cause: The `_createTokenURI` function builds the token metadata JSON by raw string concatenation (`abi.encodePacked`) without validating or sanitizing its inputs.

  • Impact: Attackers could manipulate inputs to include malicious data in the token metadata.

Vulnerability Details

  • Potential Issues:

    • Injection of unexpected characters or scripts in metadata.

    • Malformed JSON leading to client-side parsing errors.

Recommendations

  • Validate and Sanitize Inputs:

    • Ensure all inputs are within expected ranges and formats.

    • Escape or encode characters that could disrupt JSON structure.

  • Use Structured Data Formats:

    • Consider using a JSON library to construct the metadata safely.

```solidity
// Lives inside the NFT contract; requires OpenZeppelin's Strings and Base64 libraries to be imported there.
function _createTokenURI(address donor, uint256 date, uint256 amount) internal pure returns (string memory) {
    // Hand-built JSON: the address becomes "0x" + 40 hex chars, the two numbers become bare decimal digits.
    bytes memory data = abi.encodePacked(
        '{"donor":"', Strings.toHexString(uint160(donor), 20),
        '","date":', Strings.toString(date),
        ',"amount":', Strings.toString(amount),
        '}'
    );
    // Encode as a base64 JSON data URI and return (assumed completion: the submission elides this step).
    return string(abi.encodePacked("data:application/json;base64,", Base64.encode(data)));
}
```
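The following harness is an added example, not code from the submission or the GivingThanks project. It models the function above in Python (same `abi.encodePacked` layout; the base64 data URI return is an assumption, since the snippet only says "Encode and return"), then does what a wallet or marketplace does with the URI: decode it, parse the JSON, and compare every field with the input it was built from. Running it over constructed boundary inputs (zero, one, and the `uint160`/`uint256` maxima) is the quickest way to check whether the "malformed JSON" concern applies to these particular input types. It also flags the one caveat the emitted format does carry: `date` and `amount` are written as bare JSON numbers, which a JavaScript client rounds once they exceed `Number.MAX_SAFE_INTEGER` (2^53 - 1).

```python
import base64
import json

# Constructed boundary values (not from the page): type maxima for address and uint256.
MAX_UINT160 = (1 << 160) - 1
MAX_UINT256 = (1 << 256) - 1
JS_MAX_SAFE_INTEGER = (1 << 53) - 1  # Number.MAX_SAFE_INTEGER in JavaScript clients
DATA_URI_PREFIX = "data:application/json;base64,"


def to_hex_string(value: int, length: int) -> str:
    """Mirror OpenZeppelin Strings.toHexString(value, length): '0x' + 2*length lowercase hex digits."""
    if not 0 <= value < (1 << (8 * length)):
        raise ValueError("value does not fit in %d bytes" % length)
    return "0x" + format(value, "x").zfill(2 * length)


def create_token_uri(donor: int, date: int, amount: int) -> str:
    """Model of _createTokenURI: identical concatenation order, base64 data URI (assumed completion)."""
    if not 0 <= donor <= MAX_UINT160:
        raise ValueError("donor is not a valid 20-byte address")
    if not (0 <= date <= MAX_UINT256 and 0 <= amount <= MAX_UINT256):
        raise ValueError("date/amount out of uint256 range")
    payload = (
        '{"donor":"' + to_hex_string(donor, 20)
        + '","date":' + str(date)
        + ',"amount":' + str(amount)
        + "}"
    )
    return DATA_URI_PREFIX + base64.b64encode(payload.encode("ascii")).decode("ascii")


def decode_token_uri(uri: str) -> dict:
    """What a consumer does with the URI: strip the prefix, base64-decode strictly, parse the JSON."""
    if not uri.startswith(DATA_URI_PREFIX):
        raise ValueError("not a base64 JSON data URI")
    raw = base64.b64decode(uri[len(DATA_URI_PREFIX):], validate=True)
    return json.loads(raw.decode("utf-8"))


def metadata_round_trips(donor: int, date: int, amount: int) -> bool:
    """True when the emitted JSON parses and every field equals the input it was built from."""
    meta = decode_token_uri(create_token_uri(donor, date, amount))
    return meta == {"donor": to_hex_string(donor, 20), "date": date, "amount": amount}


# Constructed boundary cases: zero, one, the type maxima, and a realistic donation of 1 ether in wei.
BOUNDARY_CASES = [
    (0, 0, 0),
    (1, 1, 1),
    (MAX_UINT160, MAX_UINT256, MAX_UINT256),
    (0xDEADBEEF, 1_700_000_000, 10**18),
]


def check_all_boundaries() -> bool:
    """Round-trip every boundary case; a False here would substantiate the malformed-JSON concern."""
    return all(metadata_round_trips(*case) for case in BOUNDARY_CASES)


def unsafe_for_js_number(date: int, amount: int) -> list:
    """Fields emitted as bare JSON numbers that a JavaScript client would silently round."""
    return [name for name, v in (("date", date), ("amount", amount)) if v > JS_MAX_SAFE_INTEGER]


if __name__ == "__main__":
    print("boundary cases round-trip:", check_all_boundaries())
    print("fields a JS client would round for a 1 ether donation:", unsafe_for_js_number(1_700_000_000, 10**18))
```

The round-trip check passes for every boundary case because `toHexString` and `toString` can only emit hex digits, decimal digits and a `0x` prefix, none of which can break out of the hand-built JSON; the precision flag is the part worth acting on if a front end reads `amount` with `JSON.parse`.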
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
