DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

tokenURI not being unique and missing validation

Summary

There is always a chance that two or more people with identical profile data mint their own NFTs, so that multiple NFTs end up with the same tokenURI value. A second issue is that the properties returned from tokenURI can be entered with a zero value.

Impact

  1. Method tokenURI loses its purpose as a unique identifier for the NFTs.

  2. Method tokenURI can return blank metadata properties.

Recommendations

Inside method tokenURI of contract SoulboundProfileNFT, change the abi.encodePacked call to also include the unique tokenId value:

    bytes( // bytes casting actually unnecessary as 'abi.encodePacked()' returns a bytes
        abi.encodePacked(
            // tokenId is unique per NFT, so equal profile data no longer yields equal metadata
            '{"tokenId":"', Strings.toString(tokenId), '", ',
            // no second opening brace here: the JSON object is already open
            '"name":"', profileName, '", ',
            '"description":"A soulbound dating profile NFT.", ',
            '"attributes": [{"trait_type": "Age", "value": ', Strings.toString(profileAge), '}], ',
            '"image":"', imageURI, '"}'
        )
    )

Add empty value validation in method mintProfile for parameters name, age & profileImage.
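
Both recommendations together in a minimal contract, as an added example that is not the audited SoulboundProfileNFT code. The contract name, error names, storage layout and the `uint8` age type are assumptions, and ERC-721 minting and ownership logic is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

// Added illustration, not the audited SoulboundProfileNFT contract.
// Contract name, storage layout, error names and the uint8 age type are assumptions;
// ERC-721 minting and ownership logic is left out to isolate the two recommendations.
contract ProfileMetadataSketch {
    error EmptyName();
    error ZeroAge();
    error EmptyProfileImage();
    error UnknownToken(uint256 tokenId);

    struct Profile {
        string name;
        uint8 age;
        string profileImage;
    }

    uint256 private _nextTokenId = 1;
    mapping(uint256 => Profile) private _profiles;

    function mintProfile(string memory name, uint8 age, string memory profileImage) external returns (uint256 tokenId) {
        // Reject blank values so the metadata never carries empty properties.
        if (bytes(name).length == 0) revert EmptyName();
        if (age == 0) revert ZeroAge();
        if (bytes(profileImage).length == 0) revert EmptyProfileImage();

        tokenId = _nextTokenId++;
        _profiles[tokenId] = Profile(name, age, profileImage);
    }

    // Raw JSON only; any base64 or data-URI wrapping would be applied by the caller.
    function metadataJson(uint256 tokenId) external view returns (string memory) {
        Profile memory p = _profiles[tokenId];
        // Names are never empty after minting, so an empty name means the token does not exist.
        if (bytes(p.name).length == 0) revert UnknownToken(tokenId);
        // tokenId in the payload keeps two profiles with equal data distinguishable.
        return string(
            abi.encodePacked(
                '{"tokenId":"', Strings.toString(tokenId), '", ',
                '"name":"', p.name, '", ',
                '"description":"A soulbound dating profile NFT.", ',
                '"attributes": [{"trait_type": "Age", "value": ', Strings.toString(uint256(p.age)), '}], ',
                '"image":"', p.profileImage, '"}'
            )
        );
    }
}
```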

Updates

Appeal created

n0kto Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
