sherlock-audit / 2024-08-flayer-judging


ComposableSecurity - The name() and symbol() functions are not compliant with the EIP-20 standard #655

Open sherlock-admin2 opened 1 month ago

sherlock-admin2 commented 1 month ago

ComposableSecurity

Medium

The name() and symbol() functions are not compliant with the EIP-20 standard

Summary

The project team requested to make sure that CollectionToken is strictly compliant with EIP-20. The contract allows the owner to change the token's name and symbol through the setMetadata function, while they are expected to provide consistent information.

Root Cause

While name and symbol are optional in EIP-20, they are expected to provide consistent information and MUST NOT be changed. The setMetadata function allows the owner to update these variables at any time.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

Lack of requested strict compliance with EIP-20. Changing the token's name and symbol after deployment can lead to confusion among users and incompatibility with wallets that cache these values.

PoC

No response

Mitigation

No response
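
An added illustration, not part of the report and not code from the audited repository: a minimal token with the owner-only setMetadata pattern the finding describes, next to an integrator-side check that pins a hash of name() and symbol() and reports when they drift. Apart from name(), symbol() and setMetadata, every identifier here (MutableMetadataToken, MetadataPin, owner, fingerprint, pin, unchanged) is a hypothetical name chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the audited CollectionToken source. Only name(),
// symbol() and setMetadata come from the report; other names are hypothetical.

interface IERC20Metadata {
    function name() external view returns (string memory);
    function symbol() external view returns (string memory);
}

/// Pattern from the finding: the owner can rewrite metadata after deployment.
contract MutableMetadataToken {
    address public immutable owner;
    string private _name;
    string private _symbol;
    constructor(string memory name_, string memory symbol_) {
        owner = msg.sender;
        _name = name_;
        _symbol = symbol_;
    }

    function name() external view returns (string memory) { return _name; }
    function symbol() external view returns (string memory) { return _symbol; }
    // After this call name()/symbol() return new values, so anything a wallet
    // or indexer cached earlier no longer matches the contract.
    function setMetadata(string calldata name_, string calldata symbol_) external {
        require(msg.sender == owner, "not owner");
        _name = name_;
        _symbol = symbol_;
    }
}

/// Integrator-side check: pin the metadata once, then detect any later change.
contract MetadataPin {
    mapping(address => bytes32) public pinned;

    // abi.encode (not encodePacked) keeps ("AB","C") distinct from ("A","BC").
    function fingerprint(address token) public view returns (bytes32) {
        return keccak256(abi.encode(IERC20Metadata(token).name(), IERC20Metadata(token).symbol()));
    }

    function pin(address token) external {
        require(pinned[token] == bytes32(0), "already pinned");
        pinned[token] = fingerprint(token);
    }

    // False if the token was never pinned or its name/symbol changed since pin().
    function unchanged(address token) external view returns (bool) {
        return pinned[token] != bytes32(0) && pinned[token] == fingerprint(token);
    }
}
```

With the token pinned right after deployment, unchanged() returns true until the owner calls setMetadata with different values, after which it returns false.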