DatingDapp
AI First Flight #6
Beginner FriendlyFoundrySolidityNFT
EXP
View results
Previous Next
Submission Details
Impact: low
Likelihood: low
Invalid

Informational: Custom Error In tokenURI() Is Unreachable

yashkhare9815

Informational: Custom Error In tokenURI() Is Unreachable

Description

  • The protocol attempts to provide a custom error for nonexistent token metadata queries.

  • However, ownerOf(tokenId) already reverts internally for nonexistent tokens before the custom error condition can execute.

  • As a result, the custom error ERC721Metadata__URI_QueryFor_NonExistentToken() is never actually triggered.

// Root cause in the codebase with @> marks to highlight the relevant section
function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
// @> ownerOf() already reverts before comparison executes
if (ownerOf(tokenId) == address(0)) {
revert ERC721Metadata__URI_QueryFor_NonExistentToken();
}
}

Risk

Likelihood:

  • Every invalid token query reaches ownerOf() first.

Impact:

  • Intended custom error handling is bypassed.

  • Error behavior becomes inconsistent with developer expectations.

Proof of Concept

The following test demonstrates that the custom error is never emitted.

function testCustomErrorUnreachable() public {
vm.expectRevert();
soulboundNFT.tokenURI(999);
}

Recommended Mitigation

Use _ownerOf() or _exists() instead of ownerOf() for existence checks.

- if (ownerOf(tokenId) == address(0)) {
+ if (_ownerOf(tokenId) == address(0)) {
revert ERC721Metadata__URI_QueryFor_NonExistentToken();
}
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!