search

Pearl-Finance / v3-periphery

🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3
https://uniswap.org
GNU General Public License v2.0
0 stars 0 forks source link

[NFD-01C] Improper Generation of SVG #3

Open mavvverick opened 7 months ago

mavvverick commented 7 months ago

NFD-01C: Improper Generation of SVG

Type Severity Location
Standard Conformity NFTDescriptor.sol:L409-L436

Description:

The SVG generated by the NFTDescriptor::generateSVGImage is meant to be a representation of symbols that are affiliated with Uniswap V3.

Example:

function generateSVGImage(ConstructTokenURIParams memory params) internal pure returns (string memory svg) {
    NFTSVG.SVGParams memory svgParams =
        NFTSVG.SVGParams({
            quoteToken: addressToString(params.quoteTokenAddress),
            baseToken: addressToString(params.baseTokenAddress),
            poolAddress: params.poolAddress,
            quoteTokenSymbol: params.quoteTokenSymbol,
            baseTokenSymbol: params.baseTokenSymbol,
            feeTier: feeToPercentString(params.fee),
            tickLower: params.tickLower,
            tickUpper: params.tickUpper,
            tickSpacing: params.tickSpacing,
            overRange: overRange(params.tickLower, params.tickUpper, params.tickCurrent),
            tokenId: params.tokenId,
            color0: tokenToColorHex(uint256(params.quoteTokenAddress), 136),
            color1: tokenToColorHex(uint256(params.baseTokenAddress), 136),
            color2: tokenToColorHex(uint256(params.quoteTokenAddress), 0),
            color3: tokenToColorHex(uint256(params.baseTokenAddress), 0),
            x1: scale(getCircleCoord(uint256(params.quoteTokenAddress), 16, params.tokenId), 0, 255, 16, 274),
            y1: scale(getCircleCoord(uint256(params.baseTokenAddress), 16, params.tokenId), 0, 255, 100, 484),
            x2: scale(getCircleCoord(uint256(params.quoteTokenAddress), 32, params.tokenId), 0, 255, 16, 274),
            y2: scale(getCircleCoord(uint256(params.baseTokenAddress), 32, params.tokenId), 0, 255, 100, 484),
            x3: scale(getCircleCoord(uint256(params.quoteTokenAddress), 48, params.tokenId), 0, 255, 16, 274),
            y3: scale(getCircleCoord(uint256(params.baseTokenAddress), 48, params.tokenId), 0, 255, 100, 484)
        });

    return NFTSVG.generateSVG(svgParams);
}

Recommendation:

We advise either the NFTSVG::generateSVG or the NFTDescriptor::generateSVGImage function to be updated, ensuring that the metadata yielded by the Pearl Finance V2 NFTDescriptor aligns with the protocol's own assets.

mavvverick commented 7 months ago

The PearlV2 protocol, derived from UniswapV3, has been enhanced to accommodate rebase and fee-on-transfertokens while retaining the core functionalities. Updating the symbols associated with Uniswap V3 isn't deemed necessary.