Beatland Festival

First Flight #44
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: low
Valid

FestivalPass::uri() Incorrectly Returns Valid Metadata for Invalid Token ID 0

Description

  • The uri(uint256 tokenId) function returns metadata for pass and memorabilia tokens.

  • Valid pass token IDs are only 1, 2 and 3, so tokenId == 0 is not a valid pass. Because the pass branch is guarded only by `tokenId <= BACKSTAGE_PASS`, tokenId == 0 also satisfies the condition and the function generates unintended metadata for it, returning ipfs://beatdrop/0.

```solidity
@>  if (tokenId <= BACKSTAGE_PASS) {
        return string(abi.encodePacked("ipfs://beatdrop/", Strings.toString(tokenId)));
    }
```

Risk

Likelihood:

  • Medium: While not harmful on-chain, it's likely to cause bugs or confusion in off-chain systems or UIs interacting with the contract.

Impact:

  • Low: Misleads user interfaces and token explorers into showing metadata for a token that does not exist.

Proof of Concept

  • Even though tokenId == 0 was never minted and is not a valid token, uri() still returns a URI for it.

```solidity
string memory uri = festivalPass.uri(0);
// Returns: "ipfs://beatdrop/0"
```
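The same behaviour written as a Foundry test, added here as an illustration rather than taken from the audited FestivalPass contract: `UriModel` is a hypothetical reduced model of the uri() pass branch (the real contract falls through to its memorabilia logic where this model simply reverts with an assumed `InvalidTokenId` error), with the vulnerable and the hardened condition side by side so the test shows exactly what the `tokenId > 0` guard changes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

// Hypothetical reduced model of the uri() pass branch; not the audited FestivalPass code.
contract UriModel {
    uint256 public constant BACKSTAGE_PASS = 3; // highest valid pass ID (1, 2, 3 are passes)

    // Assumed error standing in for whatever the real contract does for non-pass IDs.
    error InvalidTokenId(uint256 tokenId);

    // Vulnerable form: `tokenId <= BACKSTAGE_PASS` is also true for 0.
    function uriVulnerable(uint256 tokenId) external pure returns (string memory) {
        if (tokenId <= BACKSTAGE_PASS) {
            return string(abi.encodePacked("ipfs://beatdrop/", Strings.toString(tokenId)));
        }
        revert InvalidTokenId(tokenId);
    }

    // Hardened form: only IDs 1..BACKSTAGE_PASS reach the pass URI; 0 falls through.
    function uriFixed(uint256 tokenId) external pure returns (string memory) {
        if (tokenId > 0 && tokenId <= BACKSTAGE_PASS) {
            return string(abi.encodePacked("ipfs://beatdrop/", Strings.toString(tokenId)));
        }
        revert InvalidTokenId(tokenId);
    }
}

contract UriModelTest is Test {
    UriModel model;

    function setUp() public {
        model = new UriModel();
    }

    // Reproduces the finding: the unguarded condition hands out metadata for ID 0.
    function test_vulnerable_returns_uri_for_id_zero() public view {
        assertEq(model.uriVulnerable(0), "ipfs://beatdrop/0");
    }

    // Confirms the mitigation keeps valid passes working while rejecting ID 0.
    function test_fixed_rejects_id_zero_but_keeps_valid_passes() public {
        assertEq(model.uriFixed(1), "ipfs://beatdrop/1");
        assertEq(model.uriFixed(3), "ipfs://beatdrop/3");
        vm.expectRevert(abi.encodeWithSelector(UriModel.InvalidTokenId.selector, 0));
        model.uriFixed(0);
    }
}
```

Run with `forge test --match-contract UriModelTest -vv`; the first test passing is the bug, the second passing is the fix holding.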

Recommended Mitigation

  • Restrict the pass URI logic to valid, non-zero token IDs (1 through 3).

- if (tokenId <= BACKSTAGE_PASS) {
+ if (tokenId > 0 && tokenId <= BACKSTAGE_PASS) {
+ return string(abi.encodePacked("ipfs://beatdrop/", Strings.toString(tokenId)));
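Review bot: the second `+` line marks the unchanged `return string(abi.encodePacked(...))` statement as added, and the block's closing `}` is missing, so the hunk does not apply cleanly as shown; present the return line as context (leading space, no `+`) and include the closing `}`. The condition change itself is correct for this branch: with `tokenId > 0 && tokenId <= BACKSTAGE_PASS` only pass IDs 1, 2 and 3 reach the pass URI. Since the description says uri() also serves memorabilia tokens, confirm that the branch tokenId 0 now falls through to rejects it rather than returning a memorabilia URI, otherwise the finding moves rather than disappears.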

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

uri for non-existing ids
