Platform: Code4rena
Start Date: 06/05/2021
Pot Size: $66,000 USDC
Total HM: 16
Participants: 11
Period: 6 days
Judge: cemozer
Total Solo HM: 9
Id: 8
League: ETH
Rank: 9/11
Findings: 3
Award: $1,234.68
🌟 Selected for report: 2
🚀 Solo Findings: 0
224.9987 USDC - $225.00
maplesyrup
Using blockhash/blocknumber and randNone is subject to attack, particularly by malicious miners:
This could be used to influence the behavior of getRandomTokenIdFromFund to cause a preferential TokenId to be returned. It allows for gaming of the system by miners or a savvy attacker.
Slither
Use of an on-chain oracle for true randomness:
ChainLink - https://blog.chain.link/verifiable-random-functions-vrf-random-number-generation-rng-feature/
RanDAO - https://github.com/randao/randao
Provable - https://provable.xyz/
#0 - cemozerr
2021-05-25T23:04:54Z
🌟 Selected for report: 0xRajeev
Also found by: maplesyrup, shw
323.8167 USDC - $323.82
@maplesyrup
This vulnerability does not cause any immediate risk to the contract and its safety.
This is strictly a Gas Optimization recommendation.
Public functions that are never called by the contract should be declared external to save gas.
Mentions external: External functions are part of the contract interface, which means they can be called from other contracts and via transactions. An external function f cannot be called internally (i.e. f() does not work, but this.f() works). External functions are sometimes more efficient when they receive large arrays of data.
Also, external calls use calldata, which is more efficient.
Below are the functions found that can be set to external to help save gas:
"__NFTXEligibilityManager_init() should be declared external:\n\t- NFTXEligibilityManager.__NFTXEligibilityManager_init() (contracts/solidity/NFTXEligiblityManager.sol#18-20)\n",
"addModule(address) should be declared external:\n\t- NFTXEligibilityManager.addModule(address) (contracts/solidity/NFTXEligiblityManager.sol#22-25)\n", "updateModule(uint256,address) should be declared external:\n\t- NFTXEligibilityManager.updateModule(uint256,address) (contracts/solidity/NFTXEligiblityManager.sol#27-29)\n",
The functions in the following contract should be declared as external:
NFTXEligiblityManager.sol:
Line 17: function __NFTXEligibilityManager_init() public initializer {…}. <---- Should be declared as external
Line 21: function addModule(address implementation) public onlyOwner {…} <---- Should be declared as external
Line 26: function updateModule(uint256 index, address implementation) public onlyOwner {..} <---- Should be declared as external
"__FeeDistributor__init__(address,address) should be declared external:\n\t- NFTXFeeDistributor.__FeeDistributor__init__(address,address) (contracts/solidity/NFTXFeeDistributor.sol#35-41)\n",
The functions in the following contract should be declared as external:
NFTXFeeDistributor.sol:
Line 34: function FeeDistributor__init(address _lpStaking, address _treasury) public override initializer {…} <---- Should be declared as external
"__NFTXVaultFactory_init(address,address,address) should be declared external:\n\t- NFTXVaultFactoryUpgradeable.__NFTXVaultFactory_init(address,address,address) (contracts/solidity/NFTXVaultFactoryUpgradeable.sol#33-39)\n", "createVault(string,string,address,bool,bool) should be declared external:\n\t- NFTXVaultFactoryUpgradeable.createVault(string,string,address,bool,bool) (contracts/solidity/NFTXVaultFactoryUpgradeable.sol#41-60)\n", "setFeeReceiver(address) should be declared external:\n\t- NFTXVaultFactoryUpgradeable.setFeeReceiver(address) (contracts/solidity/NFTXVaultFactoryUpgradeable.sol#62-66)\n",
The functions in the following contract should be declared as external:
NFTXVaultFactoryUpgradeable.sol:
Line 33: function __NFTXVaultFactory_init(address _vaultImpl, address _prevContract, address _feeReceiver) public override initializer {…} <---- Should be declared as external
Line 41: function createVault ( string memory name, string memory symbol, address _assetAddress, bool is1155, bool allowAllItems ) public virtual override returns (uint256) {…} <---- Should be declared as external
Line 62: function setFeeReceiver(address _feeReceiver) public onlyOwner virtual override {…} <---- Should be declared as external
"__NFTXVault_init(string,string,address,bool,bool) should be declared external:\n\t- NFTXVaultUpgradeable.__NFTXVault_init(string,string,address,bool,bool) (contracts/solidity/NFTXVaultUpgradeable.sol#100-117)\n",
The functions in the following contract should be declared as external:
NFTXVaultUpgradeable.sol:
Line 100: function __NFTXVault_init( string memory _name, string memory _symbol, address _assetAddress, bool _is1155, bool _allowAllItems ) public initializer { … } <---- Should be declared as external
"__StakingTokenProvider_init(address,address,string) should be declared external:\n\t- StakingTokenProvider.__StakingTokenProvider_init(address,address,string) (contracts/solidity/StakingTokenProvider.sol#23-28)\n",
The functions in the following contract should be declared as external:
StakingTokenProvider.sol:
Line 23: function __StakingTokenProvider_init(address _uniLikeExchange, address _defaultPairedtoken, string memory _defaultPrefix) public initializer {…} <---- Should be declared as external
"name() should be declared external:\n\t- NFTXDeferEligibility.name() (contracts/solidity/eligibility/NFTXDeferEligibility.sol#10-12)\n\t- NFTXDenyEligibility.name() (contracts/solidity/eligibility/NFTXDenyEligibility.sol#9-11)\n\t- NFTXEligibility.name() (contracts/solidity/eligibility/NFTXEligibility.sol#10)\n\t- NFTXListEligibility.name() (contracts/solidity/eligibility/NFTXListEligibility.sol#12-14)\n\t- NFTXMintRequestEligibility.name() (contracts/solidity/eligibility/NFTXMintRequestEligibility.sol#24-26)\n\t- NFTXRangeEligibility.name() (contracts/solidity/eligibility/NFTXRangeEligibility.sol#18-20)\n\t- NFTXUniqueEligibility.name() (contracts/solidity/eligibility/NFTXUniqueEligibility.sol#18-20)\n"
The function in the following contract(s) should be declared as external:
function name() public view override virtual returns (string memory) { … } <---- Should be declared as external
NFTXDeferEligibility.sol (Line 10)
NFTXDenyEligibility.sol (Line 9)
NFTXEligibility.sol (Line 10)
NFTXListEligibility.sol (Line 12)
NFTXMintRequestEligibility.sol (Line 24)
NFTXRangeEligibility.sol (Line 18)
NFTXUniqueEligibility.sol (Line 18)
"__NFTXEligibility_init_bytes(bytes) should be declared external:\n\t- NFTXDeferEligibility.__NFTXEligibility_init_bytes(bytes) (contracts/solidity/eligibility/NFTXDeferEligibility.sol#32-37)\n\t- NFTXEligibility.__NFTXEligibility_init_bytes(bytes) (contracts/solidity/eligibility/NFTXEligibility.sol#13)\n\t- NFTXListEligibility.__NFTXEligibility_init_bytes(bytes) (contracts/solidity/eligibility/NFTXListEligibility.sol#28-33)\n\t- NFTXMintRequestEligibility.__NFTXEligibility_init_bytes(bytes) (contracts/solidity/eligibility/NFTXMintRequestEligibility.sol#58-68)\n\t- NFTXRangeEligibility.__NFTXEligibility_init_bytes(bytes) (contracts/solidity/eligibility/NFTXRangeEligibility.sol#44-54)\n\t- NFTXUniqueEligibility.__NFTXEligibility_init_bytes(bytes) (contracts/solidity/eligibility/NFTXUniqueEligibility.sol#47-57)\n",
The function in the following contract(s) should be declared as external:
function __NFTXEligibility_init_bytes( bytes memory configData ) public override virtual initializer {…} <---- Should be declared as external
NFTXDeferEligibility.sol (Line 32)
NFTXEligibility.sol (Line 13)
NFTXListEligibility.sol (Line 28)
NFTXMintRequestEligibility.sol (Line 58)
NFTXRangeEligibility.sol (Line 44)
NFTXUniqueEligibility.sol (Line 47)
"setUniqueEligibilities(uint256[],bool) should be declared external:\n\t- NFTXMintRequestEligibility.setUniqueEligibilities(uint256[],bool) (contracts/solidity/eligibility/NFTXMintRequestEligibility.sol#218-226)\n",
The function in the following contract(s) should be declared as external:
NFTXMintRequestEligibility.sol:
Line 218: function setUniqueEligibilities(uint256[] memory tokenIds, bool _isEligible) public virtual {…} <---- Should be declared as external
"setEligibilityPreferences(bool) should be declared external:\n\t- NFTXUniqueEligibility.setEligibilityPreferences(bool) (contracts/solidity/eligibility/NFTXUniqueEligibility.sol#85-91)\n", "setUniqueEligibilities(uint256[],bool) should be declared external:\n\t- NFTXUniqueEligibility.setUniqueEligibilities(uint256[],bool) (contracts/solidity/eligibility/NFTXUniqueEligibility.sol#93-99)\n",
The function(s) in the following contract(s) should be declared as external:
NFTXUniqueEligibility.sol
Line 85: function setEligibilityPreferences(bool _reverseEligOnRedeem) public onlyOwner {…} <---- Should be declared as external
Line 93: function setUniqueEligibilities(uint256[] memory tokenIds, bool _isEligible) public virtual onlyOwner {…} <---- Should be declared as external
"upgradeTo(address) should be declared external:\n\t- UpgradeableBeacon.upgradeTo(address) (contracts/solidity/proxy/UpgradeableBeacon.sol#48-51)\n",
The function(s) in the following contract(s) should be declared as external:
UpgradeableBeacon.sol:
"mintTo(uint256[],uint256[],address) should be declared external:\n\t- MockVault.mintTo(uint256[],uint256[],address) (contracts/solidity/testing/MockVault.sol#15-21)\n",
The function(s) in the following contract(s) should be declared as external:
MockVault.sol:
"onERC1155Received(address,address,uint256,uint256,bytes) should be declared external:\n\t- ERC1155HolderUpgradeable.onERC1155Received(address,address,uint256,uint256,bytes) (contracts/solidity/token/ERC1155HolderUpgradeable.sol#9-17)\n", "onERC1155BatchReceived(address,address,uint256[],uint256[],bytes) should be declared external:\n\t- ERC1155HolderUpgradeable.onERC1155BatchReceived(address,address,uint256[],uint256[],bytes) (contracts/solidity/token/ERC1155HolderUpgradeable.sol#19-27)\n",
The function(s) in the following contract(s) should be declared as external:
ERC1155HolderUpgradeable.sol:
Line 9: function onERC1155Received( address, address, uint256, uint256, bytes memory ) public virtual override returns (bytes4) {…} <---- Should be declared as external
Line 19: function onERC1155BatchReceived( address, address, uint256[] memory, uint256[] memory, bytes memory ) public virtual override returns (bytes4) {…} <---- Should be declared as external
"burn(uint256) should be declared external:\n\t- ERC20BurnableUpgradeable.burn(uint256) (contracts/solidity/token/ERC20BurnableUpgradeable.sol#30-32)\n\t- RewardDistributionTokenUpgradeable.burn(uint256) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#94-96)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20BurnableUpgradeable.sol
Line 30: function burn(uint256 amount) public virtual {…} <---- Should be declared as external
RewardDistributionTokenUpgradeable.sol:
Line 94: function burn(uint256 amount) public virtual override {…} <---- Should be declared as external
"maxFlashLoan(address) should be declared external:\n\t- ERC20FlashMintUpgradeable.maxFlashLoan(address) (contracts/solidity/token/ERC20FlashMintUpgradeable.sol#31-33)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20FlashMintUpgradeable.sol:
Line 31: function maxFlashLoan(address token) public view override returns (uint256) {…} <---- Should be declared as external
"name() should be declared external:\n\t- ERC20Upgradeable.name() (contracts/solidity/token/ERC20Upgradeable.sol#80-82)\n", "symbol() should be declared external:\n\t- ERC20Upgradeable.symbol() (contracts/solidity/token/ERC20Upgradeable.sol#88-90)\n", "decimals() should be declared external:\n\t- ERC20Upgradeable.decimals() (contracts/solidity/token/ERC20Upgradeable.sol#105-107)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20Upgradeable.sol
Line 80: function name() public view override virtual returns (string memory) {…} <---- Should be declared as external
Line 88: function symbol() public view override virtual returns (string memory) {…} <---- Should be declared as external
Line 105: function decimals() public view virtual returns (uint8) {…} <---- Should be declared as external
"transfer(address,uint256) should be declared external:\n\t- ERC20Upgradeable.transfer(address,uint256) (contracts/solidity/token/ERC20Upgradeable.sol#137-145)\n\t- RewardDistributionTokenUpgradeable.transfer(address,uint256) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#53-61)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20Upgradeable.sol:
Line 137: function transfer(address recipient, uint256 amount) public virtual override returns (bool) {…} <---- Should be declared as external
RewardDistributionTokenUpgradeable.sol:
Line 53: function transfer(address recipient, uint256 amount) public virtual override returns (bool) {…} <---- Should be declared as external
"approve(address,uint256) should be declared external:\n\t- ERC20Upgradeable.approve(address,uint256) (contracts/solidity/token/ERC20Upgradeable.sol#167-175)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20Upgradeable.sol:
Line 167: function approve(address spender, uint256 amount) public virtual override returns (bool) {…} <---- Should be declared as external
"transferFrom(address,address,uint256) should be declared external:\n\t- ERC20Upgradeable.transferFrom(address,address,uint256) (contracts/solidity/token/ERC20Upgradeable.sol#190-206)\n\t- RewardDistributionTokenUpgradeable.transferFrom(address,address,uint256) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#76-92)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20Upgradeable.sol
Line 190: function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) {…} <---- Should be declared as external
RewardDistributionTokenUpgradeable.sol:
Line 76: function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) {…} <---- Should be declared as external
"increaseAllowance(address,uint256) should be declared external:\n\t- ERC20Upgradeable.increaseAllowance(address,uint256) (contracts/solidity/token/ERC20Upgradeable.sol#220-231)\n", "decreaseAllowance(address,uint256) should be declared external:\n\t- ERC20Upgradeable.decreaseAllowance(address,uint256) (contracts/solidity/token/ERC20Upgradeable.sol#247-261)\n",
The function(s) in the following contract(s) should be declared as external:
ERC20Upgradeable.sol:
Line 220: function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {…} <---- Should be declared as external
Line 247: function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {…} <---- Should be declared as external
"onERC721Received(address,address,uint256,bytes) should be declared external:\n\t- ERC721HolderUpgradeable.onERC721Received(address,address,uint256,bytes) (contracts/solidity/token/ERC721HolderUpgradeable.sol#19-26)\n",
The function(s) in the following contract(s) should be declared as external:
ERC721HolderUpgradeable.sol:
Line 19: function onERC721Received( address, address, uint256, bytes memory ) public virtual override returns (bytes4) {…} <---- Should be declared as external
"__RewardDistributionToken_init(IERC20Upgradeable,string,string) should be declared external:\n\t- RewardDistributionTokenUpgradeable.__RewardDistributionToken_init(IERC20Upgradeable,string,string) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#46-51)\n", "mint(address,uint256) should be declared external:\n\t- RewardDistributionTokenUpgradeable.mint(address,uint256) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#98-100)\n", "burnFrom(address,uint256) should be declared external:\n\t- RewardDistributionTokenUpgradeable.burnFrom(address,uint256) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#113-118)\n", "dividendOf(address) should be declared external:\n\t- RewardDistributionTokenUpgradeable.dividendOf(address) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#159-161)\n", "withdrawnRewardOf(address) should be declared external:\n\t- RewardDistributionTokenUpgradeable.withdrawnRewardOf(address) (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#173-175)\n",
The function(s) in the following contract(s) should be declared as external:
RewardDistributionTokenUpgradeable.sol:
Line 46: function __RewardDistributionToken_init(IERC20Upgradeable _target, string memory _name, string memory _symbol) public initializer {…} <---- Should be declared as external
Line 98: function mint(address account, uint256 amount) public onlyOwner virtual {…} <---- Should be declared as external
Line 113: function burnFrom(address account, uint256 amount) public onlyOwner virtual {…} <---- Should be declared as external
Line 159: function dividendOf(address _owner) public view returns(uint256) {…} <---- Should be declared as external
Line 173: function withdrawnRewardOf(address _owner) public view returns(uint256) {…} <---- Should be declared as external
"unpause(uint256) should be declared external:\n\t- PausableUpgradeable.unpause(uint256) (contracts/solidity/util/PausableUpgradeable.sol#28-35)\n", "pause(uint256) should be declared external:\n\t- PausableUpgradeable.pause(uint256) (contracts/solidity/util/PausableUpgradeable.sol#37-41)\n", "setIsGuardian(address,bool) should be declared external:\n\t- PausableUpgradeable.setIsGuardian(address,bool) (contracts/solidity/util/PausableUpgradeable.sol#43-46)\n"
The function(s) in the following contract(s) should be declared as external:
PausableUpgradeable.sol
Line 28: function unpause(uint256 lockId) public virtual onlyOwner {…} <---- Should be declared as external
Line 37: function pause(uint256 lockId) public virtual {…} <---- Should be declared as external
Line 43: function setIsGuardian(address addr, bool _isGuardian) public virtual onlyOwner {…} <---- Should be declared as external
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external
Compiled, Tested, and Deployed contracts on a local Hardhat network.
Ran Slither-analyzer for further detecting and testing.
(Worked best under a python virtual environment)
🌟 Selected for report: maplesyrup
maplesyrup
The source files reference different Solidity compiler ranges. This leads to potential security flaws between deployed contracts depending on the compiler version chosen for any particular file. It also greatly increases the cost of maintenance as different compiler versions have different semantics and behavior.
This defect has numerous surfaces at https://github.com/code-423n4/2021-05-nftx/tree/main/nftx-protocol-v2/contracts/solidity
Different versions of Solidity are used in:
Version used: ['0.6.8', '>=0.4.22<0.9.0', '>=0.4.24<0.7.0', '>=0.6.0<0.8.0', '>=0.6.2<0.8.0', '^0.6.0', '^0.6.8']
- 0.6.8 (contracts/solidity/NFTXEligiblityManager.sol#2)
- ABIEncoderV2 (contracts/solidity/NFTXEligiblityManager.sol#3)
- ^0.6.8 (contracts/solidity/NFTXFeeDistributor.sol#3)
- 0.6.8 (contracts/solidity/NFTXLPStaking.sol#3)
- 0.6.8 (contracts/solidity/NFTXVaultFactoryUpgradeable.sol#3)
- 0.6.8 (contracts/solidity/NFTXVaultUpgradeable.sol#3)
- 0.6.8 (contracts/solidity/StakingTokenProvider.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXDeferEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXDenyEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXListEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXMintRequestEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXRangeEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/NFTXUniqueEligibility.sol#3)
- 0.6.8 (contracts/solidity/eligibility/UniqueEligibility.sol#2)
- >=0.6.0<0.8.0 (contracts/solidity/interface/IERC165Upgradeable.sol#3)
- 0.6.8 (contracts/solidity/interface/IERC3156Upgradeable.sol#3)
- 0.6.8 (contracts/solidity/interface/INFTXEligibility.sol#2)
- 0.6.8 (contracts/solidity/interface/INFTXEligibilityManager.sol#1)
- ^0.6.8 (contracts/solidity/interface/INFTXFeeDistributor.sol#3)
- 0.6.8 (contracts/solidity/interface/INFTXLPStaking.sol#3)
- 0.6.8 (contracts/solidity/interface/INFTXVault.sol#3)
- 0.6.8 (contracts/solidity/interface/INFTXVaultFactory.sol#3)
- 0.6.8 (contracts/solidity/interface/IPrevNftxContract.sol#3)
- 0.6.8 (contracts/solidity/interface/IRewardDistributionToken.sol#3)
- 0.6.8 (contracts/solidity/interface/IVaultTokenUpgradeable.sol#3)
- 0.6.8 (contracts/solidity/proxy/BeaconProxy.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/proxy/ClonesUpgradeable.sol#3)
- 0.6.8 (contracts/solidity/proxy/IBeacon.sol#3)
- >=0.4.24<0.7.0 (contracts/solidity/proxy/Initializable.sol#3)
- 0.6.8 (contracts/solidity/proxy/Proxy.sol#3)
- 0.6.8 (contracts/solidity/proxy/UpgradeableBeacon.sol#3)
- 0.6.8 (contracts/solidity/testing/MockStakingProvider.sol#3)
- 0.6.8 (contracts/solidity/testing/MockVault.sol#2)
- ^0.6.0 (contracts/solidity/token/ERC1155HolderUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/token/ERC20BurnableUpgradeable.sol#3)
- 0.6.8 (contracts/solidity/token/ERC20FlashMintUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/token/ERC20Upgradeable.sol#3)
- ^0.6.0 (contracts/solidity/token/ERC721HolderUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/token/IERC1155ReceiverUpgradeable.sol#3)
- >=0.6.2<0.8.0 (contracts/solidity/token/IERC1155Upgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/token/IERC20Upgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/token/IERC721ReceiverUpgradeable.sol#3)
- >=0.6.2<0.8.0 (contracts/solidity/token/IERC721Upgradeable.sol#3)
- 0.6.8 (contracts/solidity/token/RewardDistributionTokenUpgradeable.sol#2)
- 0.6.8 (contracts/solidity/util/Address.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/util/ContextUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/util/EnumerableSetUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/util/OwnableUpgradeable.sol#3)
- 0.6.8 (contracts/solidity/util/PausableUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/util/ReentrancyGuardUpgradeable.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/util/SafeERC20Upgradeable.sol#3)
- 0.6.8 (contracts/solidity/util/SafeMathInt.sol#3)
- >=0.6.0<0.8.0 (contracts/solidity/util/SafeMathUpgradeable.sol#3)
- >=0.4.22<0.9.0 (node_modules/hardhat/console.sol#2)
Slither
Fix a definite compiler range that is consistent between contracts and upgrade any affected contracts to conform to the specified compiler.
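One way to enforce a single compiler range in CI, as an added example that is not part of the original finding or the NFTX code base: the script below parses each file's pragma, flags files that are not pinned to one exact version, and shows which compiler releases each floating file would accept. The file contents in SOURCES are constructed (only the path and pragma pairs mirror the Slither output above), and the helper names and the CANDIDATES list are assumptions of this example.

```python
import re

# First "pragma solidity <expr>;" directive in a source file.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# One comparator term: "^0.6.8", ">=0.6.0", "<0.8.0" or a bare "0.6.8".
TERM_RE = re.compile(r"(\^|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")


def parse_constraint(expr):
    """Split a pragma expression into (operator, (major, minor, patch)) terms.
    Terms are ANDed together; '||' alternatives are not handled here."""
    return [(op or "=", (int(a), int(b), int(c)))
            for op, a, b, c in TERM_RE.findall(expr)]


def caret_upper(v):
    """Exclusive upper bound of ^v: the leftmost non-zero part must not change."""
    major, minor, patch = v
    if major > 0:
        return (major + 1, 0, 0)
    if minor > 0:
        return (0, minor + 1, 0)
    return (0, 0, patch + 1)


def satisfies(version, expr):
    """True if the compiler version tuple is accepted by the pragma expression."""
    checks = {
        "=": lambda v: version == v,
        "^": lambda v: v <= version < caret_upper(v),
        ">=": lambda v: version >= v,
        "<=": lambda v: version <= v,
        ">": lambda v: version > v,
        "<": lambda v: version < v,
    }
    terms = parse_constraint(expr)
    return bool(terms) and all(checks[op](v) for op, v in terms)


def is_pinned(expr):
    """A pragma is pinned when it names exactly one version with no range operator."""
    terms = parse_constraint(expr)
    return len(terms) == 1 and terms[0][0] == "="


def audit(sources, candidates):
    """Report distinct pragmas, unpinned files and the versions they admit."""
    pragmas = {}
    for path, text in sources.items():
        match = PRAGMA_RE.search(text)
        pragmas[path] = match.group(1).strip() if match else None
    declared = {p: e for p, e in pragmas.items() if e is not None}
    floating = sorted(p for p, e in declared.items() if not is_pinned(e))
    return {
        "distinct": sorted(set(declared.values())),
        "missing": sorted(p for p, e in pragmas.items() if e is None),
        "floating": floating,
        # Versions every file accepts, i.e. what a single build could use.
        "common": [v for v in candidates
                   if all(satisfies(v, e) for e in declared.values())],
        # Versions each unpinned file accepts when built on its own.
        "drift": {p: [v for v in candidates if satisfies(v, declared[p])]
                  for p in floating},
    }


# Constructed sample input: one file per pragma range listed in the finding.
SOURCES = {
    "contracts/solidity/NFTXEligiblityManager.sol": "pragma solidity 0.6.8;\n",
    "contracts/solidity/NFTXFeeDistributor.sol": "pragma solidity ^0.6.8;\n",
    "contracts/solidity/proxy/Initializable.sol": "pragma solidity >=0.4.24 <0.7.0;\n",
    "contracts/solidity/token/ERC20Upgradeable.sol": "pragma solidity >=0.6.0 <0.8.0;\n",
    "contracts/solidity/token/IERC1155Upgradeable.sol": "pragma solidity >=0.6.2 <0.8.0;\n",
    "contracts/solidity/token/ERC1155HolderUpgradeable.sol": "pragma solidity ^0.6.0;\n",
    "node_modules/hardhat/console.sol": "pragma solidity >=0.4.22 <0.9.0;\n",
}
# A few compiler releases to test against (an assumption of this example).
CANDIDATES = [(0, 5, 17), (0, 6, 8), (0, 6, 12), (0, 7, 6), (0, 8, 0)]

if __name__ == "__main__":
    report = audit(SOURCES, CANDIDATES)
    print("distinct pragmas:", report["distinct"])
    print("accepted by every file:", report["common"])
    for path, versions in report["drift"].items():
        print("floating:", path, "accepts", versions)
```

On this input the only release every file accepts is 0.6.8, yet the unpinned library files also accept 0.6.12 or 0.7.6 when compiled outside this build, which is the drift the finding warns about. A CI job can fail whenever the floating list is non-empty.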
#0 - 0xKiwi
2021-05-20T21:37:22Z
We have updated everything to 0.8.x.
🌟 Selected for report: maplesyrup
maplesyrup
The ABIEncoderV2 pragma is not included and so presumably will not be properly used.
Note there is a bug in the encoder V2:
https://blog.ethereum.org/2019/03/26/solidity-optimizer-and-abiencoderv2-bug/
but the code does not appear to be impacted.
Slither
Include 'pragma experimental ABIEncoderV2;' in the above referenced file.
#0 - 0xKiwi
2021-05-20T21:51:23Z
We have changed the code to use 0.8.0.