Agora - Smart Contract Audit Report
Summary
Agora is a new NFT marketplace on the Arbitrum network that allows users to sell and purchase NFTs.
Notes on the Contract:Audit Findings Summary
- User's have the ability to list their NFTs for sale on Agora's NFT marketplace platform by specifying their NFT contract address, Token ID number, and selling price in ETH. The owner must approve all NFTs in order for them to be listed successfully.
- During the approval process, the owner can assign any address as the "creator" and specify a "creator fee" for that particular NFT. The owner can set the creator fee to any percentage.
- After approval, the NFT is sent from the seller's address to the contract address and is eligible to be bought on the marketplace.
- There is a sale fee and a creator fee charged on all NFT purchases.
- The ETH collected from the sale fee is allocated to the owner, while the ETH collected from the creator fee is allocated to the assigned creator of the NFT. The owner and creator address can manually claim any ETH that is due to them at any time.
- The remaining portion of the purchaser’s payment will be sent to the seller of the NFT.
- The owner can modify the sale fee to any percentage less than 2.5% at any time.
- The seller can delist their NFT from the marketplace at any time.
- The contract utilizes SafeMath to prevent overflows and complies with the ERC721 standard.
- No external threats were identified.
- Date: October 27th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC165
- [Ext] supportsInterface
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ [Lib] Counters
- [Int] current
- [Int] increment #
- [Int] decrement #
- [Int] reset #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata)
- [Pub] #
- [Pub] supportsInterface
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Int] _baseURI
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _approve #
- [Int] _setApprovalForAll #
- [Prv] _checkOnERC721Received #
- [Int] _beforeTokenTransfer #
+ ERC721URIStorage (ERC721)
- [Pub] tokenURI
- [Int] _setTokenURI #
- [Int] _burn #
+ ReentrancyGuard
- [Pub] #
+ NFTMarket (ReentrancyGuard, Ownable, IERC721Receiver)
- [Pub] setSaleFee #
- modifiers: onlyOwner
- [Pub] getNumberItemsSold
- [Pub] getContractVolume
- [Pub] getCreatorFee
- [Pub] addCollection #
- modifiers: onlyOwner
- [Pub] isContractAuthorized
- [Pub] onERC721Received #
- [Pub] createMarketItem ($)
- modifiers: nonReentrant,isAuthorized
- [Pub] createMarketSale ($)
- modifiers: nonReentrant,isAuthorized
- [Pub] fetchMarketItem
- [Ext] delistMarketItem #
- modifiers: nonReentrant,isAuthorized
- [Pub] fetchMarketItems
- [Pub] fetchAllMarketItems
- [Pub] fetchMarketItems
- [Pub] fetchMyNFTsSold
- [Pub] fetchMyNFTs
- [Pub] fetchMyNFTsOnSale
- [Pub] withdrawRoyalties ($)
- [Pub] withdrawFees ($)
- modifiers: onlyOwner