Closed code423n4 closed 1 year ago
if (gobblerId == 0) revert("NOT_MINTED"); check is done only for if (gobblerId <= gobblerRevealsData.lastRevealedId) and for other's it does not.
Zero is always inclusive in that greater or equal check. So the path is never missed.
This saves gas as opposed to it being executed every time. That is why it is not its own statement at the top.
Lines of code
https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L693-L712
Vulnerability details
Impact
validation check for
gobblerId
is missing for other case inside the functiontokenURI
.Proof of Concept
https://github.com/code-423n4/2022-09-artgobblers/blob/d2087c5a8a6a4f1b9784520e7fe75afa3a9cbdbe/src/ArtGobblers.sol#L695-L699
if (gobblerId == 0) revert("NOT_MINTED");
check is done only forif (gobblerId <= gobblerRevealsData.lastRevealedId)
and for other's it does not.Tools Used
VS code
Recommended Mitigation Steps
Add the validation
if (gobblerId == 0) revert("NOT_MINTED");
at the start of the function.