Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $100,000 USDC
Total HM: 4
Participants: 109
Period: 7 days
Judge: GalloDaSballo
Id: 163
League: ETH
Rank: 28/109
Findings: 1
Award: $696.90
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron
696.8956 USDC - $696.90
Contract: https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/token/GobblersERC1155B.sol#L55
Issue: In the ownerOf function, an invalid id will result in returning a zero address owner
Recommendation: Change it to require((owner = getGobblerData[id].owner) != address(0), "NOT_MINTED");
Contract: https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/token/GobblersERC721.sol#L92
Issue: In the approve function, an approved user won't be allowed to call the approve function, which is incorrect
Recommendation: Add getApproved[id]==msg.sender to the list of allowed users. Same goes for PagesERC721.sol
Issue: In the setOwner function, an incorrectly passed argument address will be set as admin of the contract, which will prohibit all function calls which are admin only. This can impact GobblerReserve (withdraw function), ArtGobblers (upgradeRandProvider)
Recommendation: Kindly change this address change to a 2-step process (Pending admin, confirm admin) and also add checks for 0 address
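The two-step transfer recommended for setOwner, sketched as an added example (not part of the submission and not code from the Art Gobblers repository). The contract name, function names, events and revert strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration; all names here are hypothetical and are not taken
/// from the Art Gobblers code base.
abstract contract TwoStepOwned {
    address public owner;
    address public pendingOwner;

    event OwnerNominated(address indexed current, address indexed nominee);
    event OwnerUpdated(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == owner, "UNAUTHORIZED");
        _;
    }

    constructor(address initialOwner) {
        require(initialOwner != address(0), "ZERO_ADDRESS");
        owner = initialOwner;
        emit OwnerUpdated(address(0), initialOwner);
    }

    /// Step 1: the current owner nominates a successor. Ownership does not
    /// move yet, so a mistyped address can be replaced by calling this again.
    function nominateOwner(address nominee) external onlyOwner {
        require(nominee != address(0), "ZERO_ADDRESS");
        pendingOwner = nominee;
        emit OwnerNominated(owner, nominee);
    }

    /// Step 2: only the nominee can complete the transfer, which shows the
    /// new address is controlled by a party able to send transactions.
    function acceptOwner() external {
        require(msg.sender == pendingOwner, "NOT_PENDING_OWNER");
        address previous = owner;
        owner = msg.sender;
        delete pendingOwner; // clear the nomination once it is consumed
        emit OwnerUpdated(previous, msg.sender);
    }
}
```

Until acceptOwner succeeds, admin-only functions such as the withdraw and upgradeRandProvider calls named in the issue remain callable by the existing owner.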
#0 - GalloDaSballo
2022-10-06T19:09:50Z
L
Disagree as it's consistent with Solmate, feel free to follow up https://github.com/transmissions11/solmate/blob/62e0943c013a66b2720255e2651450928f4eed7a/src/tokens/ERC721.sol#L66
NC
1L 1NC