Missing tokenURI Implementation Breaks NFT Display and Trading

Description

• The BidBeasts NFT contract should provide metadata for each token through the tokenURI() function, allowing wallets, marketplaces, and other applications to display NFT information such as name, description, and image. This is a fundamental requirement for NFT functionality in the Web3 ecosystem.

• The contract inherits from OpenZeppelin's ERC721 but fails to implement the tokenURI() function or override _baseURI(), resulting in empty metadata for all minted NFTs. This renders the NFTs functionally useless across all major platforms and applications.

Risk

Likelihood:

• Every minted NFT will have empty metadata since there is no implementation of tokenURI functionality

• All users attempting to view or trade NFTs on any platform will encounter this issue immediately upon interaction

Impact:

• NFTs cannot be displayed properly on major marketplaces (OpenSea, Rarible, etc.) and will appear as "Unnamed" tokens

• The NFT collection loses all commercial value and utility in the broader ecosystem. This will highly disturb BidBeastsMarketPlace's functionality.

Proof of Concept

First we need to make a quick fix in test/BidBeastsMarketPlaceTest.t.sol:BidBeastsNFTMarketTest::setUp()

Please add the following test to test/BidBeastsMarketPlaceTest.t.sol:BidBeastsNFTMarketTest:

Then run: forge test --mt testUserCanNotQueryValidNFTMetadata

Output:

Recommended Mitigation

In src/BidBeasts_NFT_ERC721.sol: BidBeasts:

Alternative Solutions:

1. Base URI + Token ID Pattern: Override _baseURI() to return a base URL and concatenate with token ID (e.g., https://api.example.com/metadata/{tokenId}.json)

2. Centralized Metadata Server: Implement a single base URI pointing to a centralized metadata service that serves JSON metadata based on token ID

3. IPFS Integration: Store metadata on IPFS and use IPFS hashes as token URIs for decentralized metadata storage