code-423n4 / 2023-10-opendollar-findings


Upgraded Q -> 2 from #246 [1699029732469] #445

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #246 as 2 risk. The relevant finding follows:

[L-03] The tokenURI is not compatible with the ERC721 standard

Description

```solidity
function tokenURI(uint256 _safeId) public view override returns (string memory uri) {
    uri = nftRenderer.render(_safeId);
}
```

tokenURI will call nftRenderer directly to render the data, and it will not detect whether the ID has been minted, which violates the ERC721 standard. Malicious attackers can forge NFTs to deceive users, causing users to think that the corresponding NFTs are real.

Recommendations

Check the id is real before returning tokenURI.
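The recommendation above, sketched as an added example that is not part of the original finding or the project's code: a dependency-free token contract whose `tokenURI` reverts for ids that were never minted, next to the unchecked form the finding describes. `ISafeRenderer`, `SafeTokenSketch`, `minter`, `mint` and the custom errors are hypothetical names; only `tokenURI`, `nftRenderer.render` and `_safeId` come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical renderer interface; only render(_safeId) appears in the finding.
interface ISafeRenderer {
    function render(uint256 safeId) external view returns (string memory);
}

// Hypothetical minimal token: just enough ownership state to show the check.
contract SafeTokenSketch {
    ISafeRenderer public immutable nftRenderer;
    address public immutable minter;

    // address(0) means the id was never minted.
    mapping(uint256 => address) private _owners;

    error NotMinter();
    error AlreadyMinted(uint256 safeId);
    error TokenNotMinted(uint256 safeId);

    constructor(ISafeRenderer renderer) {
        nftRenderer = renderer;
        minter = msg.sender;
    }

    function mint(address to, uint256 _safeId) external {
        if (msg.sender != minter) revert NotMinter();
        if (_owners[_safeId] != address(0)) revert AlreadyMinted(_safeId);
        _owners[_safeId] = to;
    }

    // Behaviour described in the finding: metadata is rendered for any id,
    // so an id with no owner still returns a plausible-looking URI.
    function tokenURIUnchecked(uint256 _safeId) public view returns (string memory uri) {
        uri = nftRenderer.render(_safeId);
    }

    // Hardened form: the ERC-721 metadata extension says tokenURI throws
    // when the id is not a valid NFT, so revert before calling the renderer.
    function tokenURI(uint256 _safeId) public view returns (string memory uri) {
        if (_owners[_safeId] == address(0)) revert TokenNotMinted(_safeId);
        uri = nftRenderer.render(_safeId);
    }
}
```

In a contract that inherits an existing ERC721 base, the same check would use that base's own existence or ownership lookup rather than a separate mapping.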

c4-judge commented 1 year ago

MiloTruck marked the issue as duplicate of #243

c4-judge commented 1 year ago

MiloTruck marked the issue as satisfactory