HighCouncilOfKingz NFT - Smart Contract Audit Report

Audit Summary

HighCoKAudit Report HighCouncilOfKingz is a new NFT collection with a unique claiming format that requires a designated NFT to verify eligibility.

For this audit, we reviewed the HighCouncilOfKingz and CouncilOfKingzMintPass contracts provided to us by the project team.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: February 28th, 2022.

Finding #1 - HighCouncilOfKingz - High (Resolved)

Description: The _mintNFT() function is vulnerable to reentrancy attacks where the user can use the same MintPass NFT to mint multiple HighCouncilOfKingz NFTs as long as the attacker can provide new "Burnable" token IDs. The _mintNFT() function is called by both the mint() and ownerMint() functions.
Risk/Impact: A contract can use an onERC721Received() fallback function to call the external mint() function repeatedly with the same CouncilOfKingzMintPass NFT and a different group of Burnable token IDs to mint another HighCouncilOfKingz NFT, ignoring the total supply limit. Alternatively, if the owner is a contract, they can also bypass the total supply limit by repeatedly calling the ownerMint() function.
Recommendation: The logic in the _mintNFT() function should be restructured to follow the Checks-Effects-Interactions pattern. The _totalMintSupply value should be incremented prior to minting any NFTs.
for (uint256 i = 0; i < _mintAmount; i++) {
  _totalMintSupply++;
  _safeMint(_to, _getTokenToBeMinted(_totalMintSupply));
}
Resolution: The _mintNFT() function logic has been moved into the external mint() function and is updated prior to minting any HighCouncilOfKingz NFTs, in accordance with Checks-Effects-Interactions patterns. Additionally, the caller of the function cannot be a contract.

Finding #2 - HighCouncilOfKingz - High (Resolved)

Description: The burnForEmperor() function is vulnerable to reentrancy attacks where the user can burn HighCouncilOfKingz NFTs to mint Emperor NFTs, ignoring the total burn limit as long as the attacker's fallback function provides new HighCouncilOfKingz token IDs to burn.
Risk/Impact: A contract can use an onERC721Received() fallback function to call the external burnForEmperor() function repeatedly with different HighCouncilOfKingz NFTs to burn in order to continue minting Emperor tokens, ignoring the total HighCouncilOfKingz burn limit.
Recommendation: The logic in the burnForEmperor() function should be restructured to follow the Checks-Effects-Interactions pattern. The _totalBurnSupply value should be incremented prior to minting any Emperor tokens.
_burn(_tokenIds[i]);
_totalBurnSupply++;
emperorTokenContract.contractMint(_msgSender());
addressBurns[_msgSender()] += 1;
Resolution: The team has removed the burnForEmperor() function and any related functionality.

Finding #3 - HighCouncilOfKingz - Low (Resolved)

Description: The mint() function is vulnerable to reentrancy attacks where the user can use the same MintPass NFT to mint multiple HighCouncilOfKingz NFTs as long as the attacker can provide new "Burnable" token IDs.
Risk/Impact: A contract can use an onERC721Received() fallback function to call the external mint() function repeatedly with the same Mint Pass NFT and a different group of Burnable token IDs to mint another HighCouncilOfKingz NFT, without having their CouncilOfKingzMintPass NFT status marked as used.
Recommendation: The logic in the mint() function should be restructured to follow the Checks-Effects-Interactions pattern. The _mintPassTokenId should be marked as used prior to minting any NFTs.
IBurnableContract(burnableContract).burn(_burnTokenIds);
// mark the pass as used
IMintPassContract(mintPassContract).setAsUsed(_mintPassTokenId);
_mintNFT(_msgSender(), _mintAmount);
Resolution: All relevant variables, except the "Burnable" token IDs, are now updated prior to minting any HighCouncilOfKingz NFTs, in accordance with Checks-Effects-Interactions patterns. Additionally, the caller of the function cannot be a contract.

Finding #4 - HighCouncilOfKingz, CouncilOfKingzMintPass - Informational (Resolved)

Description: Several functions are declared public, but are never called internally.
- HighCouncilOfKingz: setMintEnable, withdraw
- CouncilOfKingzMintPass: isValid, resetTokens, withdraw
Recommendation: We recommend declaring these functions external for additional gas savings on each call.
Resolution: The team has declared the functions external.

Finding #5 - HighCouncilOfKingz - Informational (Resolved)

Description: The contract contains a modifier and function that are not used.
Function: flipPausedState
Modifier: contractIsNotPaused
Recommendation: We recommend removing the function and modifier listed above to reduce contract size and save on deployment costs if they are not needed for future functionality.
Resolution: The team the flipPausedState() function as well as the contractIsNotPaused modifier.

Contracts Overview

  • As the contracts are developed with Solidity 0.8.x, they are protected from overflow/underflow attacks.
  • These contracts comply with the ERC-721 standard.
CouncilOfKingzMintPass Contract:
  • This contract allows the owner to mint CouncilOfKingzMintPass NFTs to specified addresses.
  • CouncilOfKingzMintPass NFTs are intended to be used to claim HighCouncilOfKingz NFTs within the HighCouncilOfKingz contract.
  • Once a CouncilOfKingzMintPass NFT is used to claim a HighCouncilOfKingz NFT, a valid redeemer address must be used to update the CounofKingzMintPass NFT status.
  • The HighCouncilOfKingz contract is intended to be used as the redeemer address.
  • CouncilOfKingzMintPass NFTs are valid until they have been used to claim a HighCouncilOfKingz NFT or their expiration duration elapses.
  • The token URI value is set on deployment but is not meant to be the final base URI. Tokens that are used to claim HighCouncilOfKingz NFTs are assigned the used URI and tokens that expire are assigned the expired URI.

  • The redeemer address can set any NFT as used at any time, as long as the contract is not paused.
  • The owner can set the redeemer address at any time.
  • The owner can mint an NFT to any address at any time, as long as the contract is not paused.
  • The owner can pause and unpause the contract at any time.
  • The owner can set the expiration duration at any time.
  • The owner can reset the expiration time of any NFT at any time.
  • The owner can set the valid, used, and expired NFT URIs at any time.
  • The owner can set the contract URI at any time.
  • The owner can withdraw any of the blockchain's native token from the contract at any time.
HighCouncilOfKingz Contract:
  • The maximum total supply of HighCouncilOfKingz NFTs is 500.
  • While minting is enabled, users can mint a HighCouncilOfKingz NFT by using a valid CouncilOfKingzMintPass NFT and burning 5 tokens from the Burnable contract. The Burnable contract is not provided in the scope of this audit, so we are unable to provide an assessment of the contract with regards to security.
  • The base URI value is set on deployment but is not meant to be the final base URI. This is intended so that users will not know which HighCouncilOfKingz NFT they have received until the true base URI is "revealed", however; users will still be able to predict their tokens URI.

  • While minting is enabled the owner can mint any amount of NFTs without a valid CouncilOfKingzMintPass NFT or 5 Burnable tokens.
  • The owner can withdraw any of the blockchain's native token within the contract at any time.
  • The owner can transfer ownership at any time.
  • The owner can set the Burnable and MintPass addresses at any time.
  • The owner can reveal the token URIs at any time.
  • The owner can enable minting at any time, but cannot disable it.
  • The owner can set the non-revealed token URI at any time.
  • The owner can set the contract, current base, and base extension URIs at any time.
  • In the event that the address receiving a HighCouncilOfKingz NFT is a contract, the contract must have implemented the onERC721Received() function in order to successfully receive the NFT.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesA user's HighCouncilOfKingz NFT URI can be easily predicted by a user when it is intended to be hidden.WARNING
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

HighCouncilOfKingz Contract

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function
 
+ [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub]  #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Int] _setApprovalForAll #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #
    - [Int] _afterTokenTransfer #

 + [Int] IBurnableContract 
    - [Ext] burn #
    - [Ext] burnEnabled

 + [Int] IMintPassContract 
    - [Ext] ownerOf
    - [Ext] isValid
    - [Ext] setAsUsed #

 + [Int] IEmperorContract 
    - [Ext] contractMint #

 +  HighCouncilOfKingz (ERC721, Ownable)
    - [Pub]  #
       - modifiers: ERC721
    - [Ext] contractURI
    - [Int] _baseURI
    - [Pub] tokenURI
    - [Ext] totalSupply
    - [Ext] totalMinted
    - [Ext] totalBurned
    - [Ext] walletOfOwner
    - [Ext] mint #
       - modifiers: onlyAllowMintEnabledAndValidCount
    - [Prv] _mintNFT #
    - [Prv] _getTokenToBeMinted #
    - [Prv] _getRandomNumber
    - [Ext] burnForEmperor #
       - modifiers: onlyAllowBurnEnabledAndValidCount
    - [Ext] ownerMint #
       - modifiers: onlyOwner,onlyAllowMintEnabledAndValidCount
    - [Ext] flipPausedState #
       - modifiers: onlyOwner
    - [Ext] setBurnableContractAddress #
       - modifiers: onlyOwner
    - [Ext] setMintPassContractAddress #
       - modifiers: onlyOwner
    - [Ext] setEmperorContractAddress #
       - modifiers: onlyOwner
    - [Ext] reveal #
       - modifiers: onlyOwner
    - [Pub] setMintEnable #
       - modifiers: onlyOwner
    - [Ext] setBurnEnable #
       - modifiers: onlyOwner
    - [Ext] setTotalBurnTokens #
       - modifiers: onlyOwner
    - [Ext] setContractURI #
       - modifiers: onlyOwner
    - [Ext] setNotRevealedURI #
       - modifiers: onlyOwner
    - [Ext] setCurrentBaseURI #
       - modifiers: onlyOwner
    - [Ext] setBaseExtension #
       - modifiers: onlyOwner
    - [Pub] withdraw ($)
       - modifiers: onlyOwner
    - [Ext]  ($)
    - [Ext]  ($)

CouncilOfKingzMintPass Contract

 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

+ [Lib] console 
    - [Prv] _sendLogPayload
    - [Int] log
    - [Int] logInt
    - [Int] logUint
    - [Int] logString
    - [Int] logBool
    - [Int] logAddress
    - [Int] logBytes
    - [Int] logBytes1
    - [Int] logBytes2
    - [Int] logBytes3
    - [Int] logBytes4
    - [Int] logBytes5
    - [Int] logBytes6
    - [Int] logBytes7
    - [Int] logBytes8
    - [Int] logBytes9
    - [Int] logBytes10
    - [Int] logBytes11
    - [Int] logBytes12
    - [Int] logBytes13
    - [Int] logBytes14
    - [Int] logBytes15
    - [Int] logBytes16
    - [Int] logBytes17
    - [Int] logBytes18
    - [Int] logBytes19
    - [Int] logBytes20
    - [Int] logBytes21
    - [Int] logBytes22
    - [Int] logBytes23
    - [Int] logBytes24
    - [Int] logBytes25
    - [Int] logBytes26
    - [Int] logBytes27
    - [Int] logBytes28
    - [Int] logBytes29
    - [Int] logBytes30
    - [Int] logBytes31
    - [Int] logBytes32
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log
    - [Int] log

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub]  #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Int] _setApprovalForAll #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #
    - [Int] _afterTokenTransfer #

 +  CouncilOfKingzMintPass (ERC721, Ownable)
    - [Pub]  #
       - modifiers: ERC721
    - [Ext] contractURI
    - [Pub] tokenURI
    - [Pub] isValid
    - [Pub] isUsed
    - [Pub] isExpired
    - [Ext] secondsUntilExpired
    - [Pub] secondsSinceMint
    - [Ext] totalSupply
    - [Ext] totalValid
    - [Ext] totalUsed
    - [Pub] totalExpired
    - [Ext] walletOfOwner
    - [Ext] setAsUsed #
       - modifiers: contractIsNotPaused
    - [Ext] ownerMintTokensToAddresses #
       - modifiers: onlyOwner,contractIsNotPaused
    - [Ext] flipPausedState #
       - modifiers: onlyOwner
    - [Ext] setRedeemer #
       - modifiers: onlyOwner
    - [Ext] setExpiration #
       - modifiers: onlyOwner
    - [Ext] setContractURI #
       - modifiers: onlyOwner
    - [Ext] setValidURI #
       - modifiers: onlyOwner
    - [Ext] setUsedURI #
       - modifiers: onlyOwner
    - [Ext] setExpiredURI #
       - modifiers: onlyOwner
    - [Pub] resetTokens #
       - modifiers: onlyOwner
    - [Pub] withdraw ($)
       - modifiers: onlyOwner
    - [Ext]  ($)
    - [Ext]  ($)

About Solidity Finance

Solidity Finance was founded in 2020 and quickly grew to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1000+ solidity smart contract audits covering all major project types and protocols, securing a total of over $10 billion U.S. dollars in on-chain value.
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

Contact us today to get a free quote for a smart contract audit of your project!

What is a Solidity Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A Solidity Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

  • High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
  • Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
  • Low severity issues have a relatively minor risk association; these issues have a low probability of occuring or may have a minimal impact.
  • Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.