F-2025-0019·input-validation
Lack of validation on NFT metadata in WithNormalizedNft
TL;DR
NFT metadata fields consumed by WithNormalizedNft were not validated for shape or content, allowing malformed metadata to produce unexpected rendering or downstream behavior.
Severity
LOW
Impact
LOW
Likelihood
MEDIUM
Method
Manual review
Complexity
LOW
Exploitability
MEDIUM
Description
The WithNormalizedNft component consumed NFT metadata from untrusted sources without validating its shape or content. Malformed metadata could produce unexpected rendering, type errors, or downstream behavior.
Recommendation
Validate NFT metadata against an expected schema (Zod or similar) at the component boundary. Reject or sanitize unknown shapes before they reach rendering code.
Initia: Acknowledged. Pashov Audit Group: Acknowledged.
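One way to implement the boundary check recommended above, as an added example that is not taken from the audit report or the Initia code base. It uses a hand-written validator in place of Zod so it runs without dependencies; the field names (`name`, `description`, `image`, `attributes`, `trait_type`, `value`), the length limits and the allowed image URL schemes are assumptions, since the finding does not list the fields WithNormalizedNft reads.

```javascript
// Added example: boundary validator for untrusted NFT metadata. Field names
// and limits below are assumptions, not the project's actual schema.
const MAX_TEXT = 256;
const MAX_ATTRIBUTES = 64;
const ALLOWED_IMAGE_SCHEMES = new Set(["https:", "ipfs:"]);

function isPlainObject(v) {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

function cleanText(v, max = MAX_TEXT) {
  if (typeof v !== "string") return undefined;
  // Strip control characters, then bound the length.
  const s = v.replace(/[\u0000-\u001f\u007f]/g, "").trim();
  return s.length > 0 ? s.slice(0, max) : undefined;
}

function cleanImageUrl(v) {
  if (typeof v !== "string" || v.length > 2048) return undefined;
  try {
    const u = new URL(v);
    return ALLOWED_IMAGE_SCHEMES.has(u.protocol) ? u.href : undefined;
  } catch {
    return undefined; // not a parseable absolute URL
  }
}

// Returns { ok: true, value } holding only known, typed fields, or { ok: false, error }.
function parseNftMetadata(raw) {
  if (!isPlainObject(raw)) return { ok: false, error: "metadata is not an object" };
  const name = cleanText(raw.name);
  if (name === undefined) return { ok: false, error: "name missing or not a string" };
  const rawAttrs = raw.attributes === undefined ? [] : raw.attributes;
  if (!Array.isArray(rawAttrs) || rawAttrs.length > MAX_ATTRIBUTES) {
    return { ok: false, error: "attributes must be a bounded array" };
  }
  const attributes = [];
  for (const a of rawAttrs) {
    if (!isPlainObject(a)) continue; // drop malformed entries
    const trait = cleanText(a.trait_type, 64);
    const isScalar = typeof a.value === "string" || Number.isFinite(a.value);
    if (trait === undefined || !isScalar) continue;
    attributes.push({ trait_type: trait, value: String(a.value).slice(0, MAX_TEXT) });
  }
  const description = cleanText(raw.description, 1024);
  const image = cleanImageUrl(raw.image);
  return { ok: true, value: { name, description, image, attributes } };
}
```

Rendering code then receives only the returned `value`, so unknown keys, non-string names, nested objects in scalar positions and disallowed URL schemes never reach it.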