BigBug - Audit Report
Summary
Big Bugs is a new protocol that allows users to purchase NFTs.
For this audit we reviewed the project's BigBug NFT contract using code that was provided to us by the team.
Notes on the Contract:
- The maximum supply is set to 10,000 BigBug NFTs.
- Any user has the ability to mint BigBug NFTs in exchange for ETH.
- There is a maximum transaction amount (determined by the owner) which limits the number of NFTs that can be purchased in any given transaction. The number of NFTs being purchased by a user cannot exceed the maximum supply of 10,000 NFTs.
- The standard price for purchasing BigBug NFTs is 0.05 ether per NFT.
- Users must take care to enter the exact amount of ETH required for purchasing their desired number of NFTs. Any excess amount of ETH provided will be accepted and sent directly to the project team.
- The owner can enable a Presale mode in the contract which attempts to prevent users from purchasing NFTs unless they are pre-approved via an EIP-712 signed message from the deployer or signer of the contract. However, an issue exists with this method because there is no validation check on the user's address. Users have the ability to use the signed message to mint NFTs from multiple different addresses.
- During Presale mode, a user cannot purchase NFTs if their balance will exceed the maximum wallet amount of 3 NFTs.
- The owner can modify the standard price per NFT to any value at any time.
- The owner can withdraw all of the ETH from the contract address at any time.
- The owner can update the maximum amount of NFTs a user can purchase to any value.
- The owner can pause/unpause the ability for users to purchase NFTs at any time.
- The owner can update the BaseURI at any time.
- The contract utilizes SafeMath to prevent overflows and complies with the ERC721 standard.
Audit Findings Summary
- No external threats were identified.
- Users must take care to enter the exact amount of ETH required for purchasing their desired number of NFTs. Any excess amount of ETH provided will be accepted and sent directly to the project team.
- An issue exists regarding a user's ability to mint NFTs (in Presale mode) from multiple addresses with the use of one signed message.
- Please ensure trust in the team as they have substantial control in the ecosystem and can pause trading at any time.
- Date: November 4th, 2021
- Updated: November 21st, 2021 to reflect new changes to the contract.
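A sketch of a presale check that binds the signed approval to the caller, added here as an illustration and not taken from the BigBug contract. The contract name, the `Presale(address buyer)` struct and the `presaleMinted` counter are assumptions, and it assumes OpenZeppelin Contracts 4.x for `ECDSA.recover` and `ECDSA.toTypedDataHash`; it also rejects overpayment, the other caution noted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumes OpenZeppelin Contracts 4.x, where ECDSA provides recover and toTypedDataHash.
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Illustrative sketch only: names and struct layout are assumptions, not the audited code.
contract PresaleSketch {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    // The signed message names the buyer; without this field it works for any sender.
    bytes32 private constant PRESALE_TYPEHASH = keccak256("Presale(address buyer)");
    uint256 public constant MAX_PRESALE_PER_WALLET = 3; // presale wallet limit from the report

    bytes32 private immutable DOMAIN_SEPARATOR;
    address public signer;             // off-chain key that approves presale buyers
    uint256 public cost = 0.05 ether;  // standard price per NFT from the report
    mapping(address => uint256) public presaleMinted;

    constructor(address signer_) {
        signer = signer_;
        // Binding to chain id and contract address keeps approvals scoped to this deployment.
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            DOMAIN_TYPEHASH, keccak256("PresaleSketch"), keccak256("1"),
            block.chainid, address(this)));
    }

    function presaleMint(uint256 amount, bytes calldata signature) external payable {
        // The digest is rebuilt from msg.sender, so a signature issued for one
        // address does not recover to the signer when sent from another address.
        bytes32 structHash = keccak256(abi.encode(PRESALE_TYPEHASH, msg.sender));
        bytes32 digest = ECDSA.toTypedDataHash(DOMAIN_SEPARATOR, structHash);
        require(ECDSA.recover(digest, signature) == signer, "not approved for presale");

        // Per-address counter enforces the presale limit for the approved buyer.
        presaleMinted[msg.sender] += amount;
        require(presaleMinted[msg.sender] <= MAX_PRESALE_PER_WALLET, "presale limit reached");

        // Exact payment: an overpayment reverts instead of being kept by the contract.
        require(msg.value == cost * amount, "incorrect ETH amount");
        // The ERC721 mint of `amount` tokens to msg.sender would follow here.
    }
}
```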
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC165
    - [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
    - [Ext] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI
+ [Lib] Address
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult
+ Context
    - [Int] _msgSender
    - [Int] _msgData
+ [Lib] Strings
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString
+ ERC165 (IERC165)
    - [Pub] supportsInterface
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub] #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #
+ [Int] IERC721Enumerable (IERC721)
    - [Ext] totalSupply
    - [Ext] tokenOfOwnerByIndex
    - [Ext] tokenByIndex
+ ERC721Enumerable (ERC721, IERC721Enumerable)
    - [Pub] supportsInterface
    - [Pub] tokenOfOwnerByIndex
    - [Pub] totalSupply
    - [Pub] tokenByIndex
    - [Int] _beforeTokenTransfer #
    - [Prv] _addTokenToOwnerEnumeration #
    - [Prv] _addTokenToAllTokensEnumeration #
    - [Prv] _removeTokenFromOwnerEnumeration #
    - [Prv] _removeTokenFromAllTokensEnumeration #
+ Ownable (Context)
    - [Pub] #
    - [Pub] owner
    - [Pub] renounceOwnership #
        - modifiers: onlyOwner
    - [Pub] transferOwnership #
        - modifiers: onlyOwner
    - [Prv] _setOwner #
+ [Lib] ECDSA
    - [Prv] _throwError
    - [Int] tryRecover
    - [Int] recover
    - [Int] tryRecover
    - [Int] recover
    - [Int] tryRecover
    - [Int] recover
    - [Int] toEthSignedMessageHash
    - [Int] toTypedDataHash
+ BigBugs (ERC721Enumerable, Ownable)
    - [Pub] #
        - modifiers: ERC721
    - [Int] _baseURI
    - [Pub] mint ($)
    - [Pub] presaleMint ($)
    - [Prv] mintX #
    - [Pub] walletOfOwner
    - [Pub] tokenURI
    - [Prv] hashTransaction
    - [Prv] recoverSignerAddress
    - [Pub] setSigner #
        - modifiers: onlyOwner
    - [Pub] setCost #
        - modifiers: onlyOwner
    - [Pub] setMaxMintAmount #
        - modifiers: onlyOwner
    - [Pub] setBaseURI #
        - modifiers: onlyOwner
    - [Pub] togglePause #
        - modifiers: onlyOwner
    - [Pub] togglePreSale #
        - modifiers: onlyOwner
    - [Pub] configure #
        - modifiers: onlyOwner
    - [Pub] withdraw ($)
        - modifiers: onlyOwner