Back to Cityscape's contests

Infinity NFT Marketplace contest - Cityscape's results

The world's most advanced NFT marketplace.

General Information

Platform: Code4rena

Start Date: 14/06/2022

Pot Size: $50,000 USDC

Total HM: 19

Participants: 99

Period: 5 days

Judge: HardlyDifficult

Total Solo HM: 4

Id: 136

League: ETH

Infinity NFT Marketplace

Findings Distribution

Researcher Performance

Rank: 88/99

Findings: 1

Award: $48.98

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryInfinity NFT Marketplace

Findings Information

🌟 Selected for report: joestakey

Also found by: 0x1f8b, 0x29A, 0x52, 0xDjango, 0xNazgul, 0xNineDec, 0xf15ers, 0xkowloon, 0xmint, 8olidity, BowTiedWardens, Chom, Cityscape, Czar102, ElKu, FSchmoede, Funen, GimelSec, GreyArt, IllIllI, KIntern, Kaiziron, Kenshin, Lambda, MadWookie, MiloTruck, PPrieditis, Picodes, Ruhum, Sm4rty, StErMi, TerrierLover, TomJ, Treasure-Seeker, VAD37, WatchPug, Wayne, _Adam, a12jmx, abhinavmir, antonttc, apostle0x01, asutorufos, berndartmueller, cccz, cloudjunky, codexploder, cryptphi, csanuragjain, defsec, delfin454000, fatherOfBlocks, georgypetrov, hake, hansfriese, horsefacts, hyh, k, kenta, nxrblsrpr, oyc_109, peritoflores, rajatbeladiya, reassor, rfa, robee, sach1r0, saian, samruna, shenwilly, simon135, sorrynotsorry, sseefried, throttle, unforgiven, wagmi, zzzitron

Awards

48.977 USDC - $48.98

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

Non-Critical

Typo

Unstake is mispelled as ‘Untake’

* @notice Untake tokens @audit Unstake

proposed change:

* @notice Unstake tokens @audit Unstake

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L112

There is an extra space after ‘one’ and before ‘order’


@notice matches one  order to many orders. example: a buy order with 5 specific nfts with 5 sell orders with those specific nfts.

proposed change:

@notice matches one order to many orders. example: a buy order with 5 specific nfts with 5 sell orders with those specific nfts.

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L172

address is mispelled as ‘adress’


/// @dev this is the adress that is used to send auto sniped orders for execution on chain @audit address

proposed change:

/// @dev this is the address that is used to send auto sniped orders for execution on chain

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L58

Natspec

The constructor for contract InfinityToken lacks natspec documentation

constructor(
    address admin,
    uint256 epochInflation,
    uint256 epochDuration,
    uint256 epochCliff,
    uint256 maxEpochs,
    uint256 timelock,
    uint256 supply
  )

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/token/InfinityToken.sol#L37-L45

Low-Risk

Access Controls on important function

Due to the importance of advanceEpoch in minting it is reccomended that access control limits are present as to reduce potential attack vectors, either through an owner or minter role.


function advanceEpoch() external {

proposed change:

function advanceEpoch() external onlyOwner {

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/token/InfinityToken.sol#L60

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter