Medium Risk
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultManagerV5.sol#L94
doesn't follow the EIP standard
The tokenURI method does not check if the NFT has been minted and returns data for the contract that may be a fake NFT
By invoking the SmartVaultManagerV5.tokenURI method for a maliciously provided NFT id, the returned data may deceive potential users, as the method will return data for a non-existent NFT id. This can lead to a poor user experience or financial loss for users. Violation of the ERC721-Metadata part standard similar finding: https://github.com/code-423n4/2023-04-caviar-findings/issues/44
Throw an error if the NFT id is invalid.