F-2025-0002·input-validation
Unvalidated external image URLs from NFT metadata
TL;DR
External image URLs from untrusted NFT metadata were rendered without validation, allowing arbitrary remote content (and potentially exploit payloads) to be loaded inside the trusted widget origin.
Severity
MEDIUM
Impact
MEDIUM
Likelihood
MEDIUM
Method
Manual review
CAT.
Complexity
LOW
Exploitability
MEDIUM
Description
NFT metadata is a user-controlled field. The widget rendered the image URL from arbitrary NFT metadata without any validation of scheme, host, or content type. Attacker-controlled NFTs could therefore force the widget to load arbitrary remote content into the application context.
Recommendation
Validate NFT image URLs against an allowlist of schemes (https, ipfs, data) and reject unexpected protocols. Optionally proxy and content-type-check images through a controlled origin.
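The allowlist check the recommendation describes, written out as an added example (this is not the widget's code or the fix in commit de9d3602dc1a). It assumes a JavaScript widget with the WHATWG URL API available, and the gateway host, proxy host, size caps and the loose CID shape check are placeholders chosen for illustration. Only https, ipfs and base64 data URLs of raster image types pass; ipfs URLs are rewritten to a fixed gateway, everything else (including schemes that reach the parser only after whitespace stripping) is rejected before any parser sees it.

```javascript
// Added example: allowlist validation of NFT-metadata image URLs before the
// widget renders them. Not the audited project's code.
const ALLOWED_SCHEMES = new Set(["https:", "ipfs:", "data:"]);
// SVG is left out on purpose: it can carry script if ever rendered inline.
const ALLOWED_IMAGE_TYPES = new Set(["image/png", "image/jpeg", "image/gif", "image/webp"]);
const IPFS_GATEWAY = "https://ipfs-gateway.example/ipfs/"; // placeholder (assumption)
const IMAGE_PROXY = "https://img-proxy.example/fetch";     // placeholder (assumption)
const MAX_DATA_URL_BYTES = 512 * 1024;                     // placeholder cap
const MAX_REMOTE_IMAGE_BYTES = 5 * 1024 * 1024;            // placeholder cap

// Loose shape check for a CID plus optional path; not a full multiformats CID parser.
const IPFS_RE = /^ipfs:\/\/(?:ipfs\/)?([A-Za-z0-9]{46,128})((?:\/[A-Za-z0-9._\-%]+)*\/?)?$/i;
const DATA_RE = /^data:([a-z0-9.+-]+\/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]+={0,2})$/i;

// Returns { ok: true, url } with a normalized URL safe to hand to an <img>,
// or { ok: false, reason } when the metadata value must be dropped.
function validateNftImageUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 4096) {
    return { ok: false, reason: "missing or oversized url" };
  }
  const s = raw.trim();
  // Extract the scheme with a strict regex first: a control character or
  // whitespace inside the scheme fails here, so values that the WHATWG parser
  // would silently normalize never reach it.
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(s);
  if (!m) return { ok: false, reason: "relative or scheme-less url" };
  const scheme = m[1].toLowerCase() + ":";
  if (!ALLOWED_SCHEMES.has(scheme)) return { ok: false, reason: `scheme not allowed: ${scheme}` };
  if (scheme === "https:") return validateHttps(s);
  if (scheme === "ipfs:") return validateIpfs(s);
  return validateDataUrl(s);
}

function validateHttps(s) {
  let u;
  try { u = new URL(s); } catch { return { ok: false, reason: "unparseable url" }; }
  if (u.protocol !== "https:") return { ok: false, reason: "not https after parsing" };
  if (u.username || u.password) return { ok: false, reason: "credentials in url" };
  if (!u.hostname) return { ok: false, reason: "empty host" };
  return { ok: true, url: u.href };
}

function validateIpfs(s) {
  const m = IPFS_RE.exec(s);
  if (!m) return { ok: false, reason: "malformed ipfs url" };
  // Pin the fetch to one gateway we control instead of trusting the metadata's host.
  return { ok: true, url: IPFS_GATEWAY + m[1] + (m[2] || "") };
}

function validateDataUrl(s) {
  const m = DATA_RE.exec(s);
  if (!m) return { ok: false, reason: "data url must be a base64 image" };
  const mediaType = m[1].toLowerCase();
  if (!ALLOWED_IMAGE_TYPES.has(mediaType)) return { ok: false, reason: `media type not allowed: ${mediaType}` };
  const approxBytes = Math.floor((m[2].length * 3) / 4);
  if (approxBytes > MAX_DATA_URL_BYTES) return { ok: false, reason: "data url too large" };
  return { ok: true, url: s };
}

// Optional hardening from the recommendation: fetch remote images through a
// controlled origin so the widget origin never contacts the metadata's host.
function toProxiedUrl(validated) {
  if (!validated.ok) throw new Error("refusing to proxy an invalid url");
  if (validated.url.startsWith("data:")) return validated.url; // nothing remote to fetch
  return `${IMAGE_PROXY}?url=${encodeURIComponent(validated.url)}`;
}

// Server-side check the proxy applies to the upstream response headers before
// relaying bytes; when Content-Length is absent the proxy must cap the stream instead.
function isAcceptableImageResponse(headers) {
  const ct = String(headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  const len = Number(headers["content-length"] || 0);
  return ALLOWED_IMAGE_TYPES.has(ct) && len > 0 && len <= MAX_REMOTE_IMAGE_BYTES;
}

// Usage: decide per metadata record, never fall back to the raw value.
const verdict = validateNftImageUrl("https://example.com/token/1.png");
if (verdict.ok) console.log("render via", toProxiedUrl(verdict));
else console.log("drop image:", verdict.reason);
```

Keeping the scheme regex ahead of `new URL` matters: the URL parser strips tabs and newlines and lowercases the scheme, so a check performed only on the parsed object can accept values the raw string would never have passed. The rejection reason is returned rather than thrown so the widget can log it and fall back to a placeholder image.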
Initia: Resolved. Pashov Audit Group: Resolved.
Status
Fixed
Fix commit
de9d3602dc1a
Fix date
2025-06-23