hats-finance / Intuition-0x538dbadc50cc87b281cd655f1edbc6ebda02a66a

The smart contracts of the Intuition protocol v1.
https://intuition.systems

No check for empty `atomUri` #46

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: @Al-Qa-qa
Twitter username: al_qa_qa
Submission hash (on-chain): 0xeb7d1766b9cce7be5d3dd0196cbb78e0ef5987e6add73ef7d19326a02df4b8dd
Severity: low

Description

There is a check that the atomUri does not exceed the MaxLength, but there is no minimum length check for the atomUri.

Since atomUri is going to represent data URLs like a YouTube video, there should be a minimum length to check for.

And there is not even a check for empty bytes 0x.

```solidity
function _createAtom(bytes calldata atomUri, uint256 value) internal returns (uint256, uint256) {
    // @audit No check for empty bytes input
    if (atomUri.length > generalConfig.atomUriMaxLength) { // only an upper bound is enforced
        revert Errors.MultiVault_AtomUriTooLong();
    }
    // remainder of the function not shown in the report
}
```

Recommendations

Check that the length is greater than 0; better still, implement a minimum length check.
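The recommendation above, written out as an added example (not Intuition's code): a minimal stand-in for `MultiVault` that rejects empty `0x` input and enforces both bounds. Only `generalConfig.atomUriMaxLength` and `Errors.MultiVault_AtomUriTooLong` come from the report; `atomUriMinLength` and `MultiVault_AtomUriTooShort` are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not part of the Intuition repository. Names marked "assumed"
// do not appear in the original report.
library Errors {
    error MultiVault_AtomUriTooLong();  // from the report
    error MultiVault_AtomUriTooShort(); // assumed
}

contract AtomUriValidation {
    struct GeneralConfig {
        uint256 atomUriMinLength; // assumed field
        uint256 atomUriMaxLength; // from the report
    }

    GeneralConfig public generalConfig;
    uint256 public atomCount;

    event AtomCreated(uint256 indexed id, bytes atomUri);

    constructor(uint256 minLength, uint256 maxLength) {
        require(minLength <= maxLength, "min > max");
        generalConfig = GeneralConfig(minLength, maxLength);
    }

    /// @dev Empty input is rejected even when atomUriMinLength is configured as 0,
    ///      which is the `0x` case the report points at; then the configured
    ///      lower and upper bounds are enforced.
    function _validateAtomUri(bytes calldata atomUri) internal view {
        if (atomUri.length == 0 || atomUri.length < generalConfig.atomUriMinLength) {
            revert Errors.MultiVault_AtomUriTooShort();
        }
        if (atomUri.length > generalConfig.atomUriMaxLength) {
            revert Errors.MultiVault_AtomUriTooLong();
        }
    }

    /// @notice Creates an atom only after the URI passes both length checks.
    function createAtom(bytes calldata atomUri) external returns (uint256 id) {
        _validateAtomUri(atomUri);
        id = ++atomCount;
        emit AtomCreated(id, atomUri);
    }
}
```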

mihailo-maksa commented 4 days ago

The concern regarding the lack of a minimum length check for the atomUri has been reviewed. Here is our detailed response:

Intended Flexibility: Allowing atomUris of any length, including zero length, is a deliberate design choice. This flexibility ensures that users can create atoms based on their specific needs without being restricted by arbitrary minimum length requirements.

Controlled Usage: The system ensures that the atomUri does not exceed the maximum allowed length, maintaining control over the data size. A zero-length atomUri is a valid input and does not introduce any security or operational risks.

Use Case Scenarios: The creation of atoms with zero-length atomUris is a rare scenario and does not impact the overall functionality or integrity of the system. It is a permissible case within our design considerations.

Conclusion: The absence of a minimum length check for the atomUri does not constitute a vulnerability. It is an intentional feature that supports user flexibility and does not pose any risk. Therefore, we consider this issue to be invalid.

Status: This issue is invalid.