DatingDapp

First Flight #33
Tags: Beginner Friendly, Foundry, Solidity, NFT

Submission Details
Severity: Low
Status: Invalid

Incorrect Error Handling in `tokenURI` Function Due to Inherited `ownerOf` Behaviour

Severity

Impact: Low
Likelihood: High
Severity: Low

Vulnerability Details

SoulboundProfileNFT::tokenURI guards against a non-existent token with `if (ownerOf(tokenId) == address(0))`. The `ownerOf` it calls is inherited from OpenZeppelin's ERC721 (v5), which reverts with `IERC721Errors.ERC721NonexistentToken(tokenId)` when the token has no owner; it never returns `address(0)`. The comparison is therefore dead code, and execution can never reach the contract's own `SoulboundProfileNFT::ERC721Metadata__URI_QueryFor_NonExistentToken()` custom error.
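To make the difference between `ownerOf` and `_ownerOf` concrete, here is an added, self-contained Foundry example (not the DatingDapp code) with a minimal stand-in contract that has both the buggy `tokenURI` pattern and the fixed one, plus tests that pin the revert data of each. It assumes OpenZeppelin Contracts v5 and forge-std are installed; the contract name `ProfileNFTExample`, the `mint` helper and the `ipfs://profile/` URI prefix are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not project code. Assumes OpenZeppelin Contracts v5 and forge-std.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {IERC721Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
import {Test} from "forge-std/Test.sol";

/// Minimal stand-in for SoulboundProfileNFT: only what is needed to show the dead check.
contract ProfileNFTExample is ERC721 {
    error ERC721Metadata__URI_QueryFor_NonExistentToken();

    uint256 private _nextId = 1;

    constructor() ERC721("Profile", "PRF") {}

    function mint(address to) external returns (uint256 id) {
        id = _nextId++;
        _mint(to, id);
    }

    /// Buggy pattern: ownerOf() calls _requireOwned() and reverts with
    /// ERC721NonexistentToken before the comparison below is ever evaluated.
    function tokenURIBuggy(uint256 tokenId) external view returns (string memory) {
        if (ownerOf(tokenId) == address(0)) {
            revert ERC721Metadata__URI_QueryFor_NonExistentToken();
        }
        return _uri(tokenId);
    }

    /// Fixed pattern: _ownerOf() reads the owners mapping directly and returns
    /// address(0) for an unminted or burned id, so the custom error is reachable.
    function tokenURI(uint256 tokenId) public view override returns (string memory) {
        if (_ownerOf(tokenId) == address(0)) {
            revert ERC721Metadata__URI_QueryFor_NonExistentToken();
        }
        return _uri(tokenId);
    }

    function _uri(uint256 tokenId) internal pure returns (string memory) {
        return string.concat("ipfs://profile/", Strings.toString(tokenId));
    }
}

contract ProfileNFTExampleTest is Test {
    ProfileNFTExample nft;
    address user = makeAddr("user");

    function setUp() public {
        nft = new ProfileNFTExample();
    }

    // Buggy variant: callers see OpenZeppelin's error, never the custom one.
    function test_buggyVariantRevertsWithOpenZeppelinError() public {
        vm.expectRevert(
            abi.encodeWithSelector(IERC721Errors.ERC721NonexistentToken.selector, 1)
        );
        nft.tokenURIBuggy(1);
    }

    // Fixed variant: the intended custom error is now what reverts.
    function test_fixedVariantRevertsWithCustomError() public {
        vm.expectRevert(
            ProfileNFTExample.ERC721Metadata__URI_QueryFor_NonExistentToken.selector
        );
        nft.tokenURI(1);
    }

    // Fixed variant still serves metadata for a minted token.
    function test_fixedVariantReturnsUriForMintedToken() public {
        uint256 id = nft.mint(user);
        assertEq(nft.tokenURI(id), "ipfs://profile/1");
    }
}
```

Run with `forge test --match-contract ProfileNFTExampleTest -vvvv`; the trace for the buggy variant shows the revert originating inside `ownerOf`, one frame before the `address(0)` comparison.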

Impact

Callers querying a non-existent token receive OpenZeppelin's generic `ERC721NonexistentToken(tokenId)` error instead of the contract's declared custom error, so the custom error and the `address(0)` check are unreachable dead code. The result is inconsistent, less informative error handling for integrators and front-ends that match on the custom selector; `tokenURI` is a view function, so no state or funds are affected.

Proof of Concept

Add the following test to testSoulboundProfileNFT.t.sol along with the required import.

import {IERC721Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";

// Query an id that was never minted: the revert data is OpenZeppelin's
// ERC721NonexistentToken(1), not ERC721Metadata__URI_QueryFor_NonExistentToken().
function test_tokenUriRevert() public {
    vm.prank(user);
    vm.expectRevert(
        abi.encodeWithSelector(IERC721Errors.ERC721NonexistentToken.selector, 1)
    );
    soulboundNFT.tokenURI(1);
}

Tools Used

Manual Review

Recommendations

Use the internal `_ownerOf` function, which reads the owner mapping directly and returns `address(0)` for an unminted or burned token, so the custom error becomes reachable.

- if (ownerOf(tokenId) == address(0)) {
+ if (_ownerOf(tokenId) == address(0)) {
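Review bot: the one-line change is sufficient because `_ownerOf` is OpenZeppelin v5's internal getter that returns `address(0)` instead of reverting, which is exactly the condition the `if` was written to test; keep the check as the first statement of `tokenURI` so the custom error fires before any metadata string is built, and confirm the existing PoC test now fails (the revert selector changes from `ERC721NonexistentToken` to `ERC721Metadata__URI_QueryFor_NonExistentToken`) so the fix is covered by a test.
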
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.
