Description:
The _baseURI function used by soulboundProfileNFT::tokenURI is never overridden, so it returns an empty string. When tokenURI concatenates _baseURI() with the Base64-encoded metadata, the resulting token URI lacks the prefix that tells a consumer the payload is Base64-encoded JSON. Wallets therefore fail to parse the metadata and display the image.
Impact:
NFT metadata and images may not render correctly in wallets, which reduces the usability and accessibility of the NFTs and degrades the user experience.
Proof of Concept:
Mint an NFT with the contract and attempt to view it in a wallet. The token URI is improperly formatted (a bare Base64 string with no data URI prefix), which leads to display failures. The root cause is _baseURI() returning an empty string.
Recommended Mitigation:
Override _baseURI() in the contract to return "data:application/json;base64," so the token URI properly indicates that it contains Base64-encoded metadata. Add this function to soulboundProfileNFT.sol.
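The following is an added example, not the audited contract's code: a minimal soulbound-style profile NFT that shows the _baseURI() override beside an on-chain tokenURI that Base64-encodes its JSON. It assumes OpenZeppelin Contracts v5 (ERC721, Base64, Strings, _requireOwned, _update); the contract name, storage variables and mintProfile function are hypothetical, since the finding does not show the real contract's layout.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the audited contract). Assumes OpenZeppelin Contracts v5.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Base64} from "@openzeppelin/contracts/utils/Base64.sol";
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

contract ProfileNFTExample is ERC721 {
    using Strings for uint256;

    // Hypothetical per-token profile data; the real contract's storage is not on the page.
    mapping(uint256 => string) private _displayName;
    mapping(uint256 => string) private _imageUri;
    uint256 private _nextId = 1;

    constructor() ERC721("ProfileNFTExample", "PNE") {}

    function mintProfile(string calldata displayName, string calldata imageUri)
        external
        returns (uint256 tokenId)
    {
        tokenId = _nextId++;
        _displayName[tokenId] = displayName;
        _imageUri[tokenId] = imageUri;
        _safeMint(msg.sender, tokenId);
    }

    // The fix: without this override, ERC721._baseURI() returns "" and tokenURI below
    // yields a bare Base64 string that a wallet cannot classify as JSON metadata.
    function _baseURI() internal pure override returns (string memory) {
        return "data:application/json;base64,";
    }

    function tokenURI(uint256 tokenId) public view override returns (string memory) {
        _requireOwned(tokenId); // reverts for non-existent tokens (OZ v5 helper)

        // Build the metadata JSON on-chain. User-supplied strings are not escaped here;
        // a production contract must reject or escape quotes before trusting this output.
        string memory json = string.concat(
            '{"name":"', _displayName[tokenId],
            '","description":"Soulbound profile #', tokenId.toString(),
            '","image":"', _imageUri[tokenId], '"}'
        );

        // Prefix + Base64 payload gives a data URI that wallets decode and render.
        return string.concat(_baseURI(), Base64.encode(bytes(json)));
    }

    // Soulbound: only mint (from == 0) and burn (to == 0) are allowed; transfers revert.
    function _update(address to, uint256 tokenId, address auth)
        internal
        override
        returns (address)
    {
        address from = _ownerOf(tokenId);
        require(from == address(0) || to == address(0), "ProfileNFTExample: soulbound");
        return super._update(to, tokenId, auth);
    }
}
```

A unit test for the fix mints one token and asserts that tokenURI(1) starts with "data:application/json;base64," and that the remainder Base64-decodes to the expected JSON; removing the _baseURI override makes the same call return only the Base64 payload, which is exactly the defect this finding describes.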
`_baseURI` can remain empty; the token URI will have valid JSON. The rest can be handled in the app interface.