FestivalPass::uri() Incorrectly Returns Valid Metadata for Invalid Token ID 0

The uri(uint256 tokenId) function returns metadata for pass and memorabilia tokens.
Given that valid pass token IDs are only 1, 2, and 3, and tokenId == 0 is not a valid pass, this condition allows unintended metadata generation for token ID 0, producing ipfs://beatdrop/0.
Likelihood:
Medium: While not harmful on-chain, it's likely to cause bugs or confusion in off-chain systems or UIs interacting with the contract.
Impact:
Low: Misleads user interfaces and token explorers into showing metadata for a non-existent token
Even though tokenId == 0 was never minted and is not a valid token, uri() returns a URI.
Restrict the pass URI logic to valid, non-zero token IDs.
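The restriction recommended above, sketched as an added example that is not the FestivalPass source: the contract name, the constant names, the upper-bound-only form of the flawed check and the empty-string fallback are all assumptions, and memorabilia handling is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the FestivalPass source. Constant names, the form of
// the flawed check and the empty-string fallback are assumptions.
contract PassUriExample {
    uint256 internal constant FIRST_PASS_ID = 1; // assumed name
    uint256 internal constant LAST_PASS_ID = 3; // assumed name

    // Assumed flawed shape: upper bound only, so tokenId 0 is treated as a pass.
    function uriUpperBoundOnly(uint256 tokenId) public pure returns (string memory) {
        if (tokenId <= LAST_PASS_ID) {
            return string.concat("ipfs://beatdrop/", _toString(tokenId));
        }
        return "";
    }

    // Restricted shape: both bounds, so tokenId 0 gets no pass metadata.
    function uriBounded(uint256 tokenId) public pure returns (string memory) {
        if (tokenId >= FIRST_PASS_ID && tokenId <= LAST_PASS_ID) {
            return string.concat("ipfs://beatdrop/", _toString(tokenId));
        }
        return "";
    }

    // Boundary check over token IDs 0, 1, 3 and 4; returns true when all hold.
    function check() external pure returns (bool) {
        return _eq(uriUpperBoundOnly(0), "ipfs://beatdrop/0")
            && _eq(uriBounded(0), "")
            && _eq(uriBounded(1), "ipfs://beatdrop/1")
            && _eq(uriBounded(3), "ipfs://beatdrop/3")
            && _eq(uriBounded(4), "");
    }

    function _eq(string memory a, string memory b) private pure returns (bool) {
        return keccak256(bytes(a)) == keccak256(bytes(b));
    }

    // Minimal decimal conversion so the example needs no imports.
    function _toString(uint256 v) private pure returns (string memory) {
        if (v == 0) return "0";
        uint256 digits;
        for (uint256 t = v; t != 0; t /= 10) digits++;
        bytes memory out = new bytes(digits);
        while (v != 0) {
            out[--digits] = bytes1(uint8(48 + (v % 10)));
            v /= 10;
        }
        return string(out);
    }
}
```

The same boundary values (0, 1, 3, 4) are the ones worth asserting in a unit test against the real uri() once the lower bound is in place.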