Back to 0xdeadbeef's contests

Art Gobblers contest - 0xdeadbeef's results

Experimental Decentralized Art Factory By Justin Roiland and Paradigm.

General Information

Platform: Code4rena

Start Date: 20/09/2022

Pot Size: $100,000 USDC

Total HM: 4

Participants: 109

Period: 7 days

Judge: GalloDaSballo

Id: 163

League: ETH

Art Gobblers

Findings Distribution

Researcher Performance

Rank: 108/109

Findings: 1

Award: $55.20

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryArt Gobblers

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron

Awards

55.1985 USDC - $55.20

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

In the file Pages.sol:

Line 103 uint256 public immutable mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 158 uint256 _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 177 mintStart = _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 195 function mintFromGoo(uint256 maxPrice, bool useVirtualBalance) external returns (uint256 pageId) : : _safemint() should be used instead of _mint() function whereever possible

Line 211 _mint(msg.sender, pageId): _safemint() should be used instead of _mint() function whereever possible

Line 222 uint256 timeSinceStart = block.timestamp - mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 239 function mintCommunityPages(uint256 numPages) external returns (uint256 lastMintedPageId) : : _safemint() should be used instead of _mint() function whereever possible

Line 251 for (uint256 i = 0; i < numPages; i++) _mint(community, ++lastMintedPageId): _safemint() should be used instead of _mint() function whereever possible

Line 253 currentId = uint128(lastMintedPageId); // Update currentId with the last minted page id: : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 161: _community

In the file ArtGobblers.sol:

Line 156 uint256 public immutable mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 290 uint256 _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 311 mintStart = _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 327 gobblerRevealsData.nextRevealTimestamp = uint64(_mintStart + 1 days): : _safemint() should be used instead of _mint() function whereever possible

Line 341 if (mintStart > block.timestamp) revert MintStartPending(): : _safemint() should be used instead of _mint() function whereever possible

Line 356 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

Line 368 function mintFromGoo(uint256 maxPrice, bool useVirtualBalance) external returns (uint256 gobblerId) : : _safemint() should be used instead of _mint() function whereever possible

Line 389 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

Line 399 uint256 timeSinceStart = block.timestamp - mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 411 function mintLegendaryGobbler(uint256[] calldata gobblerIds) external returns (uint256 gobblerId) : : _safemint() should be used instead of _mint() function whereever possible

Line 469 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

Line 482 uint256 mintedFromGoo = numMintedFromGoo: : _safemint() should be used instead of _mint() function whereever possible

Line 490 if (numMintedAtStart > mintedFromGoo) revert LegendaryAuctionNotStarted(numMintedAtStart - mintedFromGoo): : _safemint() should be used instead of _mint() function whereever possible

Line 711 revert("NOT_MINTED"); // Unminted legendaries and invalid token ids: : _safemint() should be used instead of _mint() function whereever possible

Line 786 goo.mintForGobblers(msg.sender, gooAmount): : _safemint() should be used instead of _mint() function whereever possible

Line 839 function mintReservedGobblers(uint256 numGobblersEach) external returns (uint256 lastMintedGobblerId) : : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 294: _team
	line 295: _community
	line 725: nft
	line 757: user
	line 793: user
	line 814: user
	line 872: user
	line 881: from

In the file GobblersERC1155B.sol:

Line 135 function _mint: _safemint() should be used instead of _mint() function whereever possible

Line 192 return lastMintedId; // Return the new last minted id: : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 55: owner
	line 59: owner
	line 79: operator
	line 86: from
	line 86: from

In the file GobblersERC721.sol:

Line 160 function _mint(address to, uint256 id) internal : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 92: spender
	line 102: operator
	line 109: from
	line 109: from
	line 109: from

In the file PagesERC721.sol:

Line 173 function _mint(address to, uint256 id) internal : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 82: spender
	line 92: operator
	line 99: from
	line 99: from
	line 99: from

In the file DeployBase.s.sol:

Line 20 uint256 private immutable mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 40 uint256 _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 51 mintStart = _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 91 mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 102 pages = new Pages(mintStart, goo, teamColdWallet, artGobblers, pagesBaseUri): : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 38: _teamColdWallet
	line 41: _vrfCoordinator
	line 42: _linkToken
	line 94: teamReserve
	line 95: communityReserve

In the file ArtGobblers.sol:

Line 156 uint256 public immutable mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 290 uint256 _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 311 mintStart = _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 327 gobblerRevealsData.nextRevealTimestamp = uint64(_mintStart + 1 days): : _safemint() should be used instead of _mint() function whereever possible

Line 341 if (mintStart > block.timestamp) revert MintStartPending(): : _safemint() should be used instead of _mint() function whereever possible

Line 356 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

Line 368 function mintFromGoo(uint256 maxPrice, bool useVirtualBalance) external returns (uint256 gobblerId) {//@audit: 理论上逻辑没问题 但是需要看下属每个函数是否能绕过: : _safemint() should be used instead of _mint() function whereever possible

Line 389 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

Line 399 uint256 timeSinceStart = block.timestamp - mintStart;//@audit: this will revert if not properly se: : _safemint() should be used instead of _mint() function whereever possible

Line 411 function mintLegendaryGobbler(uint256[] calldata gobblerIds) external returns (uint256 gobblerId) : : _safemint() should be used instead of _mint() function whereever possible

Line 469 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

Line 482 uint256 mintedFromGoo = numMintedFromGoo: : _safemint() should be used instead of _mint() function whereever possible

Line 490 if (numMintedAtStart > mintedFromGoo) revert LegendaryAuctionNotStarted(numMintedAtStart - mintedFromGoo): : _safemint() should be used instead of _mint() function whereever possible

Line 711 revert("NOT_MINTED"); // Unminted legendaries and invalid token ids: : _safemint() should be used instead of _mint() function whereever possible

Line 786 goo.mintForGobblers(msg.sender, gooAmount): : _safemint() should be used instead of _mint() function whereever possible

Line 839 function mintReservedGobblers(uint256 numGobblersEach) external returns (uint256 lastMintedGobblerId) : : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 294: _team
	line 295: _community
	line 725: nft
	line 757: user
	line 793: user
	line 814: user
	line 872: user
	line 881: from

In the file attack_ArtGobblers.sol:

Line 98 _mint(msg.sender, gobblerId): _safemint() should be used instead of _mint() function whereever possible

In the file Goo.sol:

Line 101 function mintForGobblers(address to, uint256 amount) external only(artGobblers) : : _safemint() should be used instead of _mint() function whereever possible

Line 102 _mint(to, amount): _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 82: _artGobblers
	line 101: to
	line 108: from
	line 115: from

In the file Pages.sol:

Line 103 uint256 public immutable mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 158 uint256 _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 177 mintStart = _mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 195 function mintFromGoo(uint256 maxPrice, bool useVirtualBalance) external returns (uint256 pageId) : : _safemint() should be used instead of _mint() function whereever possible

Line 211 _mint(msg.sender, pageId): _safemint() should be used instead of _mint() function whereever possible

Line 222 uint256 timeSinceStart = block.timestamp - mintStart: : _safemint() should be used instead of _mint() function whereever possible

Line 239 function mintCommunityPages(uint256 numPages) external returns (uint256 lastMintedPageId) : : _safemint() should be used instead of _mint() function whereever possible

Line 251 for (uint256 i = 0; i < numPages; i++) _mint(community, ++lastMintedPageId): _safemint() should be used instead of _mint() function whereever possible

Line 253 currentId = uint128(lastMintedPageId); // Update currentId with the last minted page id: : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 161: _community

In the file GobblerReserve.sol:

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 23: _owner
	line 34: to

In the file GobblersERC1155B.sol:

Line 135 function _mint: _safemint() should be used instead of _mint() function whereever possible

Line 192 return lastMintedId; // Return the new last minted id: : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 55: owner
	line 59: owner
	line 79: operator
	line 86: from
	line 86: from

In the file GobblersERC721.sol:

Line 160 function _mint(address to, uint256 id) internal : _safemint() should be used instead of _mint() function whereever possible

these address variables are not checked whether they are address(0), address variable should check if it is zero

	line 92: spender
	line 102: operator
	line 109: from
	line 109: from
	line 109: from

#0 - GalloDaSballo

2022-10-04T22:01:23Z

Do you genuinely believe that it's a good idea to send 2+ pages of the same advice to use safeMint?

#1 - GalloDaSballo

2022-10-04T22:01:27Z

Will penalize

#2 - GalloDaSballo

2022-10-06T18:11:47Z

1L from 0 check

TODO safeMint

#3 - GalloDaSballo

2022-10-13T22:45:18Z

2L

Will penalize by 3 points because of the trashiness

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter