DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Local variable shadowing in `SoulboundProfileNFT::mintProfile`

jufel

Description: OpenZeppelin's ERC721 contract includes a public function name(), which returns the token collection's name. This function is accessible within SoulboundProfileNFT unless a local variable or parameter with the same name is declared. The function parameter "name" shadows ERC721.name(), meaning that inside SoulboundProfileNFT::mintProfile, "name" will always refer to the parameter. As a result, the use of "name" might be incorrect.

Recommended Mitigation: Change the "name" parameter to something else, like "profileName".

- function mintProfile(string memory name, uint8 age, string memory profileImage) external {
+ function mintProfile(string memory profileName, uint8 age, string memory profileImage) external {
require(profileToToken[msg.sender] == 0, "Profile already exists");
uint256 tokenId = ++_nextTokenId;
_safeMint(msg.sender, tokenId);
// Store metadata on-chain
- _profiles[tokenId] = Profile(name, age, profileImage);
+ _profiles[tokenId] = Profile(profileName, age, profileImage);
profileToToken[msg.sender] = tokenId;
- emit ProfileMinted(msg.sender, tokenId, name, age, profileImage);
+ emit ProfileMinted(msg.sender, tokenId, profileName, age, profileImage);
}
Updates

Appeal created

n0kto Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.