function setReserve should check that _reserve address is not empty.
function setNestedReserve should check that _nstReserve is not an empty address unless burning reserve tokens may be intended.
function setFeeSplitter should check that _feeSplitter is not an empty address.
function backfillTokenURI should validate that _tokenId exists, otherwise it will be possible to set metadata of tokens that are not minted yet.
Recommended Mitigation Steps
There are more functions that could enforce similar validations but I am not sure if you are interested in this or is this an intended behavior to not validate this.
Handle
pauliax
Vulnerability details
Impact
function setReserve should check that _reserve address is not empty. function setNestedReserve should check that _nstReserve is not an empty address unless burning reserve tokens may be intended. function setFeeSplitter should check that _feeSplitter is not an empty address. function backfillTokenURI should validate that _tokenId exists, otherwise it will be possible to set metadata of tokens that are not minted yet.
Recommended Mitigation Steps
There are more functions that could enforce similar validations but I am not sure if you are interested in this or is this an intended behavior to not validate this.