Lines of code

https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/base/FactoryNFT.sol#L39-L51

Vulnerability details

Proof of Concept

Take a look at https://github.com/code-423n4/2024-06-panoptic/blob/153f0d82440b7e63075d55b0659706531431145f/contracts/base/FactoryNFT.sol#L39-L51

According to the EIP, `tokenURI` is expected to revert/throw in the case where the `tokenId` is not a valid one, see https://eips.ethereum.org/EIPS/eip-721:

```solidity
interface ERC721Metadata /* is ERC721 */ {
    /// @notice A distinct Uniform Resource Identifier (URI) for a given asset.
    /// @dev Throws if `_tokenId` is not a valid NFT. URIs are defined in RFC
    /// 3986. The URI may point to a JSON file that conforms to the "ERC721
    /// Metadata JSON Schema".
    function tokenURI(uint256 _tokenId) external view returns (string);
}
```

Impact

Borderline low/medium, no QA, so attaching as medium.

Recommended Mitigation Steps

Consider ensuring that `tokenId` is valid (i.e. corresponds to a minted token) and reverting otherwise, so as to conform with the EIP.
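One way to apply the recommended mitigation, shown here as an added example that is not Panoptic's FactoryNFT code: a minimal contract that records ownership in an assumed `_owners` mapping and exposes a non-conforming `tokenURIUnchecked` beside a conforming `tokenURI` that reverts for ids that were never minted. The contract name, the `mint` helper, the `NonexistentToken` error and the base-URI storage are assumptions made for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative stand-in for an ERC-721 contract (assumed layout, not FactoryNFT).
/// Ownership is tracked in `_owners`; a zero owner means the token does not exist.
contract MetadataExample {
    error NonexistentToken(uint256 tokenId);

    mapping(uint256 => address) private _owners;
    string private _baseURI;

    constructor(string memory baseURI_) {
        _baseURI = baseURI_;
    }

    /// Assumed mint helper so the example can create a valid token.
    function mint(address to, uint256 tokenId) external {
        require(to != address(0), "zero address");
        require(_owners[tokenId] == address(0), "already minted");
        _owners[tokenId] = to;
    }

    /// Per EIP-721, ownerOf throws for tokens that do not exist.
    function ownerOf(uint256 tokenId) external view returns (address) {
        address owner = _owners[tokenId];
        if (owner == address(0)) revert NonexistentToken(tokenId);
        return owner;
    }

    /// Non-conforming: returns a URI for any id, so a caller cannot
    /// distinguish a minted token from one that does not exist.
    function tokenURIUnchecked(uint256 tokenId) external view returns (string memory) {
        return string.concat(_baseURI, _toString(tokenId));
    }

    /// Conforming with the ERC721Metadata spec: throws if `tokenId` is not a valid NFT.
    function tokenURI(uint256 tokenId) external view returns (string memory) {
        if (_owners[tokenId] == address(0)) revert NonexistentToken(tokenId);
        return string.concat(_baseURI, _toString(tokenId));
    }

    /// Decimal rendering of the id, used to build the URI.
    function _toString(uint256 value) internal pure returns (string memory) {
        if (value == 0) return "0";
        uint256 digits;
        for (uint256 t = value; t != 0; t /= 10) digits++;
        bytes memory buf = new bytes(digits);
        while (value != 0) {
            digits--;
            buf[digits] = bytes1(uint8(48 + value % 10));
            value /= 10;
        }
        return string(buf);
    }
}
```

To check the behaviour, a Foundry test can mint one token and then call `tokenURI` with an unminted id inside `vm.expectRevert(abi.encodeWithSelector(MetadataExample.NonexistentToken.selector, unmintedId))`, while the same call against `tokenURIUnchecked` returns a string and demonstrates the non-conforming behaviour.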
Assessed type
Context