Foundation Drop contest - cryptphi's results

Foundation is a web3 destination.

General Information

Platform: Code4rena

Start Date: 11/08/2022

Pot Size: $40,000 USDC

Total HM: 8

Participants: 108

Period: 4 days

Judge: hickuphh3

Total Solo HM: 2

Id: 152

League: ETH

Researcher Performance

Rank: 76/108

Findings: 1

Award: $41.20

🌟 Selected for report: 0

🚀 Solo Findings: 0

  1. The INFTDropCollectionInitializer(_implementation).initialize() call in NFTCollectionFactory.adminUpdateNFTDropCollectionImplementation() should have the _baseURI, _postRevealBaseURIHash arguments declared as constants

  2. NFTCollectionFactory.initialize() - anybody can initialize the version of the NFT Collection, versionNFTCollection

  3. NFTCollectionFactory.sol contract does not comply with inherited ICollectionFactory contract

     The NFTCollectionFactory contract inherits ICollectionFactory; however, it does not comply with ICollectionFactory. There is no rolesContract() function in NFTCollectionFactory.

  4. NFTDropMarketFixedPriceSale.createFixedPriceSale() is missing a zero value check for price param.

     Unless allowed in the documentation, a collection admin may mistakenly input 0 as the price for the FixedPriceSale and make the sale free mint. Otherwise, there should be a zero value check in the createFixedPriceSale() function.

  5. NFTDropMarketFixedPriceSale contract does not implement receive() function to be able to receive ETH in the contract.

#0 - HardlyDifficult

2022-08-18T16:56:30Z

The INFTDropCollectionInitializer(_implementation).initialize()

Fair feedback but I don't agree here. This is a special case where the values here are basically just magic numbers / values. I think inline definitions are more clear & easier to read.

Anyone can initialize

Invalid. See our comment here for context.

NFTCollectionFactory.sol contract does not comply with interface

Invalid. It does, and by inheriting from the interface the compiler guarantees this is the case for us.

createFixedPriceSale() is missing a zero value check for price

Invalid. 0 is supported and this is mentioned in the comments.

NFTDropMarketFixedPriceSale contract does not implement receive()

Invalid. FETHNode implements a receiver for that use case. Other functions are payable where required.
