Project

One World
NFTDeFi
15,000 USDC
View results
Submission Details
Severity: low
Invalid

`MembershipERC1155.uri()` & `OWPIdentity.uri()` don't check if the tokenId exist before returning the token URI, violating ERC1155 standards

## Summary
`MembershipERC1155.uri()` & `OWPIdentity.uri()` doesn't check if the tokenId exist before returning the token URI.
## Vulnerability Details
`MembershipERC1155.uri()` & `OWPIdentity.uri()` returns the token uri based on its id,but it was noticed that these functions don't check if the token/NFT exists before returning URI which will result in returning incorrect/invalid URI vioalting ERC1155 token standrd.
## Proof of Concept
[MembershipERC1155.uri()](https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/dao/tokens/MembershipERC1155.sol#L117C4-L124C6)
```javascript
function uri(uint256 tokenId) public view virtual override returns (string memory) {
return string(abi.encodePacked(
super.uri(tokenId),
Strings.toHexString(uint256(uint160(address(this))), 20),
"/",
Strings.toString(tokenId)
));
}
```
[OWPIdentity.uri() ](https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/OWPIdentity.sol#L27C1-L29C6)
```javascript
function uri(uint256 tokenId) public view virtual override returns (string memory) {
return string.concat(super.uri(tokenId), tokenId.toString());
}
```
## Tools Used
Manual Review.
## Recommendations
Update `uri()` functions to check for the tokenId if it exists before execution, if not revert the txn.
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.