Upgraded Q -> 2 from #245 [1683017351880]

c4-judge commented 1 year ago

Judge has assessed an item in Issue #245 as 2 risk. The relevant finding follows:

[L-05] PrivatePoolMetadata.tokenURI is not compliant with EIP721 It implements PrivatePoolMetadata.tokenURI() , a function overriding ERC721's tokenURI().

This function returns the metadata URI of the provided token ID

The issue is that if queried for a token that does not have an owner or has not been minted, it returns the empty string ’’.

src/PrivatePoolMetadata.sol: 16 /// @param tokenId The private pool's token ID. 17: function tokenURI(uint256 tokenId) public view returns (string memory) { 18: // forgefmt: disable-next-item

if (_owners[_tokenId] == address(0)) return ''; 19: bytes memory metadata = abi.encodePacked( 20: "{", 21: '"name": "Private Pool ',Strings.toString(tokenId),'",', 22: '"description": "Caviar private pool AMM position.",', 23: '"image": ','"data:image/svg+xml;base64,', Base64.encode(svg(tokenId)),'",', 24: '"attributes": [', 25: attributes(tokenId), 26: "]", 27: "}" 28: ); 29: 30: return string(abi.encodePacked("data:application/json;base64,", Base64.encode(metadata))); 31: }

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #44

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory

code-423n4 / 2023-04-caviar-findings

Upgraded Q -> 2 from #245 [1683017351880] #977