Incorrect NFT Name and Symbol, Malicious Actors could exploit this mismatch by deploying a fake BBeast NFT
Root + Impact
Description
the contract name and the ERC721 metadata (name and symbol) should align with the intended branding of the NFT collection. This ensures users, marketplaces, and explorers can correctly identify the token and associate it with the right project.
In this implementation, the smart contract is named BidBeasts, but the ERC721 constructor initializes the collection with the name Goddie_NFT and symbol GDNFT. This mismatch causes user-facing platforms (wallets, block explorers, marketplaces) to display Goddie_NFT instead of BidBeasts. While this does not affect core ERC721 functionality, it introduces confusion and trust issues for end users and integrators.
Risk
Likelihood:
Occurs for every deployment of the NFT contract.
Users will always see the unintended name Goddie_NFT instead of BidBeasts.
Impact:
User confusion when interacting with marketplaces or wallets.
Integrations relying on the name/symbol may mislabel the collection.
Reputational risk: malicious actors could exploit this mismatch to deploy a fake “BidBeasts” with the correct branding, tricking users into interacting with the wrong collection.
Proof of Concept
Deploy the BidBeasts contract.
Query ERC721.name() → returns "Goddie_NFT".
Query ERC721.symbol() → returns "GDNFT".
Marketplaces and explorers display "Goddie_NFT (GDNFT)", not "BidBeasts".
Recommended Mitigation
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.