Gamestarter - Smart Contract Audit Report
Summary
Gamestarter is building an NFT marketplace.
For this audit, we reviewed the project team's GameCoin and NFT MarketPlace at commit 048bc13e65235a4d135e71d2bbe680ce67aa0001 on the team's GitHub repository.
Notes on the Contracts:
GameCoinNFTMarketPlace
- GameCoin is an ERC20 with name "Game Coin" and symbol "GAME".
- Upon deployment, 100,000,000 GAME tokens will be minted.
- There are no fees on transfers for the token.
- No ownership restricted functions are present.
Audit Findings Summary
- This contract provides functionality for vendors to list NFTs and customers to spend tokens in exchange for proof of purchase within the contract.
- Vendors can list any number of different NFTs and can specify the quantity of each type of NFT they are selling.
- Users can query the vendor data, including the supply of each type of NFT that a vendor has for sale.
- There are no NFTs being transferred in this contract, this contract is only used to keep track of customer purhcases and vendor selling data.
- When an NFT is sold, the buyer's funds are transferred into the contract owner's address instead of being sent to the seller.
- The contract owner can recover any tokens erroneously sent to the contract at any time.
- Solidity v0.8.x is used to prevent overflows.
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Note that when a vendor sells their NFT, the funds for purchase are sent to the contract owner address and not the vendor address.
- Date: September 8th, 2021.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
GameCoin Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Context
- [Int] _msgSender
- [Int] _msgData
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ GameCoin (ERC20)
- [Pub] #
- modifiers: ERC20
- [Pub] decimals
NFTMarketPlace Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ NFTMarketPlace
- [Pub] #
- [Ext] sellNFT #
- [Ext] cancelNFTSale #
- [Ext] buyNFT #
- [Ext] getCustomerPurchaseData
- [Ext] getVendorProductCount
- [Ext] getCustomerPurchaseCount
- [Ext] getVendorProductData
- [Ext] getCurrency
- [Ext] releaseTokens #