DatingDapp

AI First Flight #6
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: medium
Likelihood: medium
Invalid

tokenURI Missing data:application/json;base64, Prefix

Root + Impact

Description

The tokenURI() function returns a raw Base64-encoded string without the
required data:application/json;base64, URI prefix. The default _baseURI()
returns an empty string. NFT wallets, marketplaces (OpenSea, etc.), and
indexers expect the data URI scheme prefix to parse on-chain metadata.

// src/SoulboundProfileNFT.sol:80-108
function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
    // ...
    return string(
        abi.encodePacked(
            _baseURI(), // @> Returns "" — missing "data:application/json;base64,"
            Base64.encode(...)
        )
    );
}

Risk

Likelihood: Certain

  • Every call to tokenURI() returns an improperly formatted URI

Impact: Medium

  • Profile metadata is unreadable by standard NFT tooling

  • Profiles won't display correctly on marketplaces/wallets

  • Breaks protocol's "verified profile" UX

Proof of Concept

Calling tokenURI() returns a raw base64 blob without the standard data
URI scheme, making it unparseable by any compliant NFT client or indexer.

// Current output: "eyJuYW1lIjoiQWxpY2UiLC..." (raw base64)
// Expected output: "data:application/json;base64,eyJuYW1lIjoiQWxpY2UiLC..."
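
How a client that accepts only the data:application/json;base64, form would treat the two strings compared above, as an added example that is not part of the submission or the DatingDapp code base. The function name resolveTokenURI, the reason codes and the sample metadata are constructed for illustration and assume a Node.js runtime.

```javascript
// Added example: strict tokenURI metadata resolver (hypothetical helper, Node.js).
const PREFIX = "data:application/json;base64,";

// Classify a tokenURI string and decode it only when it is a well-formed
// on-chain JSON data URI. Returns { ok, metadata } or { ok: false, reason }.
function resolveTokenURI(uri) {
  if (typeof uri !== "string" || uri.length === 0) {
    return { ok: false, reason: "empty" };
  }
  // A URI starts with "<scheme>:"; a raw Base64 string contains no colon at all.
  const scheme = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(uri);
  if (!scheme) return { ok: false, reason: "no-scheme" };
  if (scheme[1].toLowerCase() !== "data") {
    // http(s), ipfs, ar, ...: metadata lives off-chain and needs a fetch.
    return { ok: false, reason: "off-chain", scheme: scheme[1].toLowerCase() };
  }
  if (!uri.startsWith(PREFIX)) {
    return { ok: false, reason: "unsupported-media-type" };
  }
  const payload = uri.slice(PREFIX.length);
  // Buffer.from() silently skips invalid characters, so check the alphabet
  // and padding explicitly before decoding.
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(payload) || payload.length % 4 !== 0) {
    return { ok: false, reason: "bad-base64" };
  }
  try {
    const text = Buffer.from(payload, "base64").toString("utf8");
    return { ok: true, metadata: JSON.parse(text) };
  } catch {
    return { ok: false, reason: "bad-json" };
  }
}

// Constructed sample metadata, not taken from the contract.
const sampleJson = JSON.stringify({ name: "Alice", description: "constructed sample" });
const rawBase64 = Buffer.from(sampleJson, "utf8").toString("base64");

console.log(resolveTokenURI(rawBase64));          // rejected: no scheme
console.log(resolveTokenURI(PREFIX + rawBase64)); // decoded metadata object
```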

Recommended Mitigation

Override the inherited _baseURI() to return the standard data URI prefix,
so the full tokenURI() output conforms to the on-chain metadata convention
expected by wallets and marketplaces.

+ function _baseURI() internal pure override returns (string memory) {
+ return "data:application/json;base64,";
+ }
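
Review bot: the added `_baseURI()` override only changes the output through the `abi.encodePacked(_baseURI(), Base64.encode(...))` call in `tokenURI()`, and the patch includes no test that pins that dependency. Add a test that calls `tokenURI()` on a minted profile and asserts that the result starts with `data:application/json;base64,` and that the remainder Base64-decodes to valid JSON. Before applying, also check the full contract for an existing `_baseURI()` definition, since the excerpt above elides most of the file and a second definition in the same contract would not compile.
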
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
