c4-bot-10 closed 9 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #110
MarioPoneder changed the severity to QA (Quality Assurance)
MarioPoneder marked the issue as grade-b
This previously downgraded issue has been upgraded by MarioPoneder
MarioPoneder marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/VerbsToken.sol#L194
Vulnerability details
According to the documentation: "VerbsToken: Should comply with ERC721".
The specification of ERC-721 states the following regarding the tokenURI function: "Throws if _tokenId is not a valid NFT".
The tokenURI function in VerbsToken does not check if the _tokenId is a valid NFT, and therefore it is possible to call the function with an invalid _tokenId and get a response.
Impact
The Verbs token contract is not compliant with the ERC-721 specification.
Tools Used
Manual inspection.
Recommended Mitigation Steps
Assessed type
ERC721
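The existence check the finding refers to, shown next to the unchecked pattern. This is an added example, not the VerbsToken source and not part of the original report. The contract, its storage layout, the error name and the function names are hypothetical, and the burn case goes beyond what the report describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration only. It models just enough of an
// ERC-721 token (ownership plus per-token metadata) to show the tokenURI check.
contract TokenURICheckExample {
    error NonexistentToken(uint256 tokenId);

    // tokenId => owner; address(0) means the id is not a valid NFT
    mapping(uint256 => address) private _owners;
    // tokenId => metadata string recorded at mint time
    mapping(uint256 => string) private _metadata;

    // Access control is omitted to keep the example short.
    function mint(address to, uint256 tokenId, string calldata metadata) external {
        require(to != address(0), "mint to zero address");
        require(_owners[tokenId] == address(0), "already minted");
        _owners[tokenId] = to;
        _metadata[tokenId] = metadata;
    }

    function burn(uint256 tokenId) external {
        require(_owners[tokenId] == msg.sender, "not owner");
        delete _owners[tokenId];
        // Metadata is left in storage on purpose, to show the stale-read case.
    }

    // Non-compliant pattern: answers for any id. A never-minted id yields an
    // empty string and a burned id yields its old metadata, so a caller
    // cannot tell a valid NFT from an invalid one.
    function tokenURIUnchecked(uint256 tokenId) external view returns (string memory) {
        return _metadata[tokenId];
    }

    // Compliant pattern: the ERC-721 metadata extension says tokenURI
    // "Throws if _tokenId is not a valid NFT", so revert before answering.
    function tokenURI(uint256 tokenId) external view returns (string memory) {
        if (_owners[tokenId] == address(0)) revert NonexistentToken(tokenId);
        return _metadata[tokenId];
    }
}
```

Marketplaces and indexers that rely on the revert to detect nonexistent tokens would treat the unchecked variant's return value as a real URI.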