Back to durianSausage's contests

Art Gobblers contest - durianSausage's results

Experimental Decentralized Art Factory By Justin Roiland and Paradigm.

General Information

Platform: Code4rena

Start Date: 20/09/2022

Pot Size: $100,000 USDC

Total HM: 4

Participants: 109

Period: 7 days

Judge: GalloDaSballo

Id: 163

League: ETH

Art Gobblers

Findings Distribution

Researcher Performance

Rank: 80/109

Findings: 1

Award: $55.20

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryArt Gobblers

Findings Information

🌟 Selected for report: IllIllI

Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron

Awards

55.1985 USDC - $55.20

Labels

bug
QA (Quality Assurance)

External Links

Link to GitHub issue

L01:_SAFEMINT() SHOULD BE USED RATHER THAN _MINT() WHEREVER POSSIBLE

problem

_mint() is discouraged in favor of _safeMint() which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function

prof

src/ArtGobblers.sol, 356, b' _mint(msg.sender, gobblerId);' src/ArtGobblers.sol, 389, b' _mint(msg.sender, gobblerId);' src/ArtGobblers.sol, 469, b' _mint(msg.sender, gobblerId);' lib/solmate/src/tokens/ERC721.sol, 194, b' _mint(to, id);' lib/solmate/src/tokens/ERC721.sol, 209, b' _mint(to, id);' src/Goo.sol, 102, b' _mint(to, amount);' src/Pages.sol, 211, b' _mint(msg.sender, pageId);' src/Pages.sol, 251, b' for (uint256 i = 0; i < numPages; i++) _mint(community, ++lastMintedPageId);'

L02: address variable should check if it is zero MISSING CHECKS FOR ADDRESS(0X0) WHEN ASSIGNING VALUES TO ADDRESS STATE VARIABLES

prof

src/ArtGobblers.sol, 314, b' goo = _goo;' src/ArtGobblers.sol, 315, b' pages = _pages;' src/ArtGobblers.sol, 316, b' team = _team;' src/ArtGobblers.sol, 317, b' community = _community;' src/ArtGobblers.sol, 318, b' randProvider = _randProvider;' src/ArtGobblers.sol, 564, b' randProvider = newRandProvider; // Update the randomness provider.' src/utils/rand/ChainlinkV1RandProvider.sol, 55, b' artGobblers = _artGobblers;' script/deploy/DeployBase.s.sol, 49, b' teamColdWallet = _teamColdWallet;' script/deploy/DeployBase.s.sol, 52, b' vrfCoordinator = _vrfCoordinator;' script/deploy/DeployBase.s.sol, 53, b' linkToken = _linkToken;' script/deploy/DeployBase.s.sol, 70, b' teamReserve = new GobblerReserve(ArtGobblers(gobblerAddress), teamColdWallet);' script/deploy/DeployBase.s.sol, 71, b' communityReserve = new GobblerReserve(ArtGobblers(gobblerAddress), teamColdWallet);' script/deploy/DeployBase.s.sol, 78, b' randProvider = new ChainlinkV1RandProvider(\n ArtGobblers(gobblerAddress),\n vrfCoordinator,\n linkToken,\n chainlinkKeyHash,\n chainlinkFee\n );' script/deploy/DeployBase.s.sol, 86, b' goo = new Goo(\n // Gobblers contract address:\n gobblerAddress,\n // Pages contract address:\n pageAddress\n );' script/deploy/DeployBase.s.sol, 99, b' artGobblers = new ArtGobblers(\n merkleRoot,\n mintStart,\n goo,\n Pages(pageAddress),\n address(teamReserve),\n address(communityReserve),\n randProvider,\n gobblerBaseUri,\n gobblerUnrevealedUri\n );' script/deploy/DeployBase.s.sol, 102, b' pages = new Pages(mintStart, goo, teamColdWallet, artGobblers, pagesBaseUri);' src/utils/token/PagesERC721.sol, 43, b' artGobblers = _artGobblers;' src/utils/GobblerReserve.sol, 24, b' artGobblers = _artGobblers;' src/Goo.sol, 83, b' artGobblers = _artGobblers;' src/Goo.sol, 84, b' pages = _pages;' lib/solmate/src/auth/Owned.sol, 30, b' owner = _owner;' lib/solmate/src/auth/Owned.sol, 40, b' owner = newOwner;' src/Pages.sol, 179, b' goo = _goo;' src/Pages.sol, 181, b' community = _community;' src/utils/token/PagesERC721.sol, 43, b' artGobblers = _artGobblers;' src/utils/rand/ChainlinkV1RandProvider.sol, 55, b' artGobblers = _artGobblers;'

none-critical issue foundings

N01: EVENT IS MISSING INDEXED FIELDS

prof

src/ArtGobblers.sol, 236, b' event RandomnessFulfilled(uint256 randomness);' src/utils/rand/RandProvider.sol, 13, b' event RandomBytesRequested(bytes32 requestId);' src/utils/rand/RandProvider.sol, 14, b' event RandomBytesReturned(bytes32 requestId, uint256 randomness);'

N02: NON-LIBRARY/INTERFACE FILES SHOULD USE FIXED COMPILER VERSIONS, NOT FLOATING ONES

src/ArtGobblers.sol, 2, b'pragma solidity >=0.8.0;' src/utils/rand/ChainlinkV1RandProvider.sol, 2, b'pragma solidity >=0.8.0;' script/deploy/DeployBase.s.sol, 2, b'pragma solidity >=0.8.0;' script/deploy/DeployRinkeby.s.sol, 2, b'pragma solidity >=0.8.0;'

#0 - GalloDaSballo

2022-10-06T19:13:25Z

SafeMint L

Address(0) L

Library NC

Event indexing is not explained

#1 - GalloDaSballo

2022-10-06T19:13:29Z

2L 1NC

#2 - GalloDaSballo

2022-10-13T23:39:13Z

Formatting is off, will detract 1 point

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter