Lazy Monsters Space Club (Season 2) - Smart Contract Audit Report

Audit Summary

Lazy Monsters Space Club ($LAZY2) is a new protocol that allows users to purchase NFTs.

We reviewed the LazyMonster2 contract at 0x7A9e24A4395bfF0050e5B44Aa32fB710bDEA9683 on the Rinkeby Testnet.

Audit Findings

Please ensure trust in the team prior to investing as they have some control in the ecosystem.
Date: February 16th, 2022.

Finding #1 - LazyMonster2 - Low

Description: Any excess ETH supplied to the contract during minting is not returned to the user.
Risk/Impact: Users will lose any excess funds sent as payment.
Recommendation: The contract should require the user to supply the exact amount of ETH needed to mint the desired amount of NFTs.
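
The following sketch is an added example, not the LazyMonster2 source: it contrasts a payment check that accepts overpayment with the exact-amount check recommended above. The contract name, function names and the simplified ownership mapping are hypothetical; only the price, per-transaction limit and maximum supply are taken from this report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration only. A bare mapping stands in for the ERC-721
// bookkeeping so the payment logic can be read in isolation.
contract ExactPaymentMintSketch {
    uint256 public constant PRICE = 0.08 ether;  // from the report
    uint256 public constant MAX_PER_TX = 10;     // from the report
    uint256 public constant MAX_SUPPLY = 2000;   // from the report

    uint256 public totalMinted;
    mapping(uint256 => address) public ownerOf;

    error WrongPayment(uint256 expected, uint256 sent);

    // Assumed shape of the pattern behind Finding #1: any msg.value at or
    // above the cost passes, and the surplus stays in the contract balance.
    function mintLenient(uint256 count) external payable {
        _checkCount(count);
        require(msg.value >= PRICE * count, "insufficient ETH");
        _mintMany(msg.sender, count);
    }

    // Recommended form: revert unless the payment matches the cost exactly,
    // so an overpaying transaction fails and the sender keeps the ETH.
    function mintExact(uint256 count) external payable {
        _checkCount(count);
        uint256 expected = PRICE * count;
        if (msg.value != expected) revert WrongPayment(expected, msg.value);
        _mintMany(msg.sender, count);
    }

    function _checkCount(uint256 count) private view {
        require(count > 0 && count <= MAX_PER_TX, "invalid mint count");
        require(totalMinted + count <= MAX_SUPPLY, "exceeds max supply");
    }

    function _mintMany(address to, uint256 count) private {
        for (uint256 i = 0; i < count; i++) {
            ownerOf[++totalMinted] = to; // token IDs start at 1 in this sketch
        }
    }
}
```

With mintExact, sending 0.1 ether for one NFT reverts with WrongPayment(0.08 ether, 0.1 ether); with mintLenient the same call succeeds and the extra 0.02 ether is only recoverable by whoever can withdraw the contract balance.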

Finding #2 - LazyMonster2 - Informational

Description: Several functions are declared public, but are never called internally:
pause, unpause, contractURI
Recommendation: We recommend declaring these functions external for additional gas savings on each call.

Contract Overview

  • The maximum supply is set to 2,000 NFTs.
  • Any user can mint up to 10 NFTs per transaction until the maximum supply is reached.
  • In the event that the address minting an NFT is a contract, the contract must have implemented the onERC721Received() function in order to successfully receive the NFT.
  • Each NFT costs 0.08 ether to mint.
  • Users should exercise caution when supplying ETH to purchase NFTs and ensure that the exact amount is supplied as any excess ETH will not be returned to the user.
  • The owner can pause the contract at any time which disables all minting functionality.
  • The owner can withdraw all of the ETH from the contract address at any time.
  • The owner can update the Contract URI and Base URI at any time.
  • The logic is properly structured to prevent reentrancy attacks in applicable functions.
  • As the contract is implemented with Solidity v0.8.x, it is protected from overflows/underflows.
  • The contract complies with the ERC-721 token standard.

External Threat Results

Vulnerability Category | Notes | Result
Arbitrary Storage Write | N/A | PASS
Arbitrary Jump | N/A | PASS
Centralization of Control | The owner can pause the contract at any time which disables all minting functionality. | PASS
Delegate Call to Untrusted Contract | N/A | PASS
Dependence on Predictable Variables | N/A | PASS
Deprecated Opcodes | N/A | PASS
Ether Thief | N/A | PASS
Exceptions | N/A | PASS
External Calls | N/A | PASS
Flash Loans | N/A | PASS
Integer Over/Underflow | N/A | PASS
Logical Issues | N/A | PASS
Multiple Sends | N/A | PASS
Oracles | N/A | PASS
Suicide | N/A | PASS
State Change External Calls | N/A | PASS
Unchecked Retval | N/A | PASS
User Supplied Assertion | N/A | PASS
Critical Solidity Compiler | N/A | PASS
Overall Contract Safety | | PASS

Functions Overview

($) = payable function
 # = non-constant function

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub] <Constructor> #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #

 + [Int] IERC721Enumerable (IERC721)
    - [Ext] totalSupply
    - [Ext] tokenOfOwnerByIndex
    - [Ext] tokenByIndex

 +  ERC721Enumerable (ERC721, IERC721Enumerable)
    - [Pub] supportsInterface
    - [Pub] tokenOfOwnerByIndex
    - [Pub] totalSupply
    - [Pub] tokenByIndex
    - [Int] _beforeTokenTransfer #
    - [Prv] _addTokenToOwnerEnumeration #
    - [Prv] _addTokenToAllTokensEnumeration #
    - [Prv] _removeTokenFromOwnerEnumeration #
    - [Prv] _removeTokenFromAllTokensEnumeration #

 +  Ownable (Context)
    - [Pub] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 +  Pausable (Context)
    - [Pub] <Constructor> #
    - [Pub] paused
    - [Int] _pause #
       - modifiers: whenNotPaused
    - [Int] _unpause #
       - modifiers: whenPaused

 +  ERC721Pausable (ERC721, Pausable)
    - [Int] _beforeTokenTransfer #

 + [Lib] ECDSA 
    - [Prv] _throwError
    - [Int] tryRecover
    - [Int] recover
    - [Int] tryRecover
    - [Int] recover
    - [Int] tryRecover
    - [Int] recover
    - [Int] toEthSignedMessageHash
    - [Int] toTypedDataHash

 +  EIP712 
    - [Pub] <Constructor> #
    - [Int] _domainSeparatorV4
    - [Prv] _buildDomainSeparator
    - [Int] _hashTypedDataV4

 +  LazyMonster2 (Ownable, ERC721Enumerable, ERC721Pausable)
    - [Pub] <Constructor> #
       - modifiers: ERC721
    - [Ext] mint ($)
    - [Pub] pause #
       - modifiers: onlyOwner
    - [Pub] unpause #
       - modifiers: onlyOwner
    - [Ext] withdrawAll #
       - modifiers: onlyOwner
    - [Ext] setContractURI #
       - modifiers: onlyOwner
    - [Pub] contractURI
    - [Ext] setBaseURI #
       - modifiers: onlyOwner
    - [Pub] tokenURI
    - [Int] _beforeTokenTransfer #
    - [Pub] supportsInterface