Function Parameter Shadowing ERC721 name() Causes Potential Misuse
Summary
The mintProfile function in the smart contract has a variable shadowing issue where the name parameter conflicts with the name() function inherited from ERC721. This can cause unintended behavior and make the contract difficult to maintain.
Vulnerability Details
The
ERC721contract has a functionname()that returns the token collection's name.The
mintProfilefunction introduces a parameter calledname, which shadows the inheritedname()function.Because of this, any reference to
namewithinmintProfilewill point to the function parameter instead of the intendedERC721.name()function.
Impact
-
Potential Misuse of
name()Any calls to
name()withinmintProfileor related functions may not behave as expected.
-
Confusion in Code Maintenance
Developers might expect
nameto refer toERC721.name(), leading to debugging challenges and potential errors.
-
Unintended Behavior in Inheritance
If other functions rely on
ERC721.name(), they might not work correctly due to the shadowing.
Tools Used
Solidity Visual Developer
Recommendations
Rename the name to _name parameter in mintProfile to avoid conflicts.
Appeal created
Suppositions
You have to point a real root-cause leading to a bug. "If, may, could, unexpected behavior, incoherent" are not describing a real concrete bug. Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.