Beatland Festival

First Flight #44
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Valid

Token ID `0` incorrectly returns pass metadata URI

Root + Impact

Token ID 0 incorrectly returns pass metadata URI

Description

The `FestivalPass::uri` function is used to resolve metadata URIs for both passes and memorabilia items. For token IDs 1, 2, and 3, the function correctly returns an `ipfs://beatdrop/{id}` style URI. However, the logic also treats token ID 0 as valid because of the following check:

```solidity
@>  if (tokenId <= BACKSTAGE_PASS) {
        return string(abi.encodePacked("ipfs://beatdrop/", Strings.toString(tokenId)));
    }
```

Since 0 <= BACKSTAGE_PASS, the function returns an incorrect URI despite token ID 0 not being a valid pass or memorabilia token.

Risk

Likelihood: Medium
Any external contract, frontend, or metadata fetcher querying `uri(0)` will get a false-positive result instead of handling it as invalid.

Impact: Low
The metadata of an invalid token ID 0 is misleading but does not result in direct asset loss or functional misbehavior beyond incorrect metadata representation.

Proof of Concept

```solidity
function test_zeroTokenIdURI() public view {
    // Token ID 0 is not a valid pass, yet uri(0) resolves to a pass-style URI.
    assertEq(festivalPass.uri(0), "ipfs://beatdrop/0");
}
```

Recommended Mitigation

Add an explicit check to disallow token ID 0, which is never valid under the contract's pass or memorabilia ID schema.

+ require(tokenId != 0, "Invalid token ID");
if (tokenId <= BACKSTAGE_PASS) {
return string(abi.encodePacked("ipfs://beatdrop/", Strings.toString(tokenId)));
}
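
Review bot: the added `require` at the top of the hunk makes `uri(0)` revert, but the Proof of Concept test above still asserts that `uri(0)` returns "ipfs://beatdrop/0", so that test will fail once this change lands. Replace the assertion with one that expects the "Invalid token ID" revert, and add boundary cases for ID 1 and `BACKSTAGE_PASS` so the range check is pinned at both ends. It is also worth confirming that the code after this branch rejects IDs that were never created, since nothing in these lines changes what it returns for them.
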
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

uri for non-existing ids
