GivingThanks

First Flight #28
Beginner Friendly | Foundry
100 EXP
Submission Details
Severity: medium
Invalid

[M-2] The use of `abi.encodePacked()` in `GivingThanks::_createTokenURI` leads to non-unique NFTs with the same metadata.

Relevant GitHub links:

  1. https://github.com/Cyfrin/2024-11-giving-thanks/blob/304812abfc16df934249ecd4cd8dea38568a625d/src/GivingThanks.sol#L38

  2. https://github.com/Cyfrin/2024-11-giving-thanks/blob/304812abfc16df934249ecd4cd8dea38568a625d/src/GivingThanks.sol#L53

Description: `abi.encodePacked` concatenates values into a single byte array, which is then base64-encoded. This function can lead to data collisions if not used carefully, especially when the inputs are not inherently unique.
Here, when concatenating the donor address, date, and amount, `encodePacked` produces a result that depends on the input values alone. Since these values can repeat under similar conditions (especially date and amount), it becomes possible to mint multiple tokens with identical URIs, producing non-unique NFTs.

Impact: One of the protocol's objectives is to give each donor a unique NFT; this issue, which leads to non-unique NFTs, defeats that objective.

Recommended Mitigation:

  1. Include the `GivingThanks::tokenCounter` value in `GivingThanks::_createTokenURI` so that each NFT has a unique identifier tied to its creation, ensuring uniqueness across tokens.

  2. Switch from `abi.encodePacked()` to `abi.encode()`.
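As an added illustration (not code from the GivingThanks repository; the `token_uri` helper and the sample donor address are hypothetical), a minimal Python model of the two encodings. It shows that identical donation fields always pack to the same bytes, that mixing in the token counter (mitigation 1) makes each URI distinct, and that `abi.encode` removes the boundary ambiguity `abi.encodePacked` has with dynamic types (the general hazard behind mitigation 2):

```python
import base64
from typing import Optional


def encode_packed(*args) -> bytes:
    """Model of abi.encodePacked: values are tightly concatenated with no length prefixes."""
    out = b""
    for kind, value in args:
        if kind == "address":                      # 20 raw bytes
            out += bytes.fromhex(value[2:])
        elif kind == "uint256":                    # 32-byte big-endian
            out += value.to_bytes(32, "big")
        elif kind == "string":                     # raw bytes, no length, no padding
            out += value.encode()
        else:
            raise ValueError(f"unsupported type {kind}")
    return out


def encode_strings(*values: str) -> bytes:
    """Model of abi.encode for a tuple of strings: 32-byte offset table, then length-prefixed, 32-byte-padded tails."""
    head, tail = b"", b""
    base = 32 * len(values)                        # tails start after the offset table
    for v in values:
        data = v.encode()
        head += (base + len(tail)).to_bytes(32, "big")
        tail += len(data).to_bytes(32, "big") + data + b"\x00" * (-len(data) % 32)
    return head + tail


def token_uri(donor: str, date: int, amount: int, token_id: Optional[int] = None) -> str:
    """Hypothetical stand-in for _createTokenURI: pack the donation fields and base64 them.

    Passing token_id models mitigation 1 from the finding (binding the URI to tokenCounter).
    """
    fields = [("address", donor), ("uint256", date), ("uint256", amount)]
    if token_id is not None:
        fields.append(("uint256", token_id))
    return base64.b64encode(encode_packed(*fields)).decode()


if __name__ == "__main__":
    donor = "0x" + "ab" * 20                       # constructed sample address
    print("identical donations -> identical URI:",
          token_uri(donor, 1_700_000_000, 10**18) == token_uri(donor, 1_700_000_000, 10**18))
    print("with tokenCounter   -> distinct URIs :",
          token_uri(donor, 1_700_000_000, 10**18, 1) != token_uri(donor, 1_700_000_000, 10**18, 2))
    print("encodePacked('ab','c') == encodePacked('a','bc'):",
          encode_packed(("string", "ab"), ("string", "c")) == encode_packed(("string", "a"), ("string", "bc")))
    print("abi.encode('ab','c')   == abi.encode('a','bc')  :", encode_strings("ab", "c") == encode_strings("a", "bc"))
```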

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
