Description
parse_nftoken_id performs &nft_id[0..4], [4..8], [8..48], [48..56], [56..64] after a nft_id.len() != 64 check. NFT IDs are required to be ASCII hex, but the length guard uses byte-length, not char-count. A 64-byte non-ASCII UTF-8 input can land on a non-char-boundary and panic.
Location
Impact / Severity
Low.
Adversarial Agent Notes
Verdict: ACCEPT.
Description
parse_nftoken_idperforms&nft_id[0..4],[4..8],[8..48],[48..56],[56..64]after anft_id.len() != 64check. NFT IDs are required to be ASCII hex, but the length guard uses byte-length, not char-count. A 64-byte non-ASCII UTF-8 input can land on a non-char-boundary and panic.Location
Impact / Severity
Low.
Adversarial Agent Notes
Verdict: ACCEPT.