Root + Impact

The tokenURI() function constructs JSON metadata without proper string sanitization and encoding steps, which could lead to:

• Malformed URIs if imageURI or other dynamic values contain special characters (quotes, newlines, unicode)

• JSON injection vulnerabilities if any input contains unescaped double quotes

• Metadata corruption due to improper handling of UTF-8 multi-byte sequences

• Potential Base64 encoding errors from raw packed bytes

Description

Key Issues

• Dynamic inputs (name(), imageURI) are packed without UTF-8 validation

• No escaping of quotes in dynamic values that could break JSON structure

• Packed bytes may contain irregular sequences that Base64.encode() doesn't handle optimally

Risk

Likelihood: MEDIUM-LOW

• The problem can arise intentionally or not; it depends on the image URI provided.

Impact: HIGH

• All NFT's will be broken;

• The problem can be uncovered later after snow distribution.

Proof of Concept

Recommended Mitigation

Implement proper encoding flow with intermediate string conversion: