DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Lack of parameter validation in SoulboundProfileNFT::mintProfile allows users to bypass making a profile.

Vulnerability Details

Currently, SoulboundProfileNFT::mintProfile allows a user to mint a profile NFT without any parameter validation. This can be abused to mint profiles with no name, age, or image: spam profiles that disrupt the intended functionality of the DatingDapp.

Impact

This causes overall dissatisfaction with the service and a lack of trust among other users in the protocol.

Tools Used

Manual Review

Recommendations

Add parameter validation to the mint function:

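mapping(address user => Profile) userProfile;

function mintProfile(string memory name, uint8 age, string memory profileImage) external {
    // Add the check. Solidity cannot compare strings with !=, so test the byte length instead.
    require(bytes(name).length != 0 && age > 18 && bytes(profileImage).length != 0, "Invalid Parameters");
    // ... existing minting logic continues here ...
}

Updates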

Appeal created

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_URI_injection_scam_underaged_bad_name_photo_etc

Scamming/phishing is not the protocol's problem, that's a user mistake. NFTs are unique, even if someone makes a copy of your profile (which is also possible in web2), I consider it informational. Injection is a problem for the web2 part of the protocol, not a bug here. For the age, it depends on each country's laws and future medicine. Anyways, that's more an ethical/political problem, not a bug.
