MoonBoyz MoonPass - Smart Contract Audit Report

Summary

MoonPass Audit Report MoonPass is a new non-fungible token on the Binance Smart Chain that enables holders to mint MoonBoyz which are a series of NFT Art Collectibles.

For this audit, we reviewed the MoonPass.sol and PaymentSplitter.sol smart contracts and the code was provided to us by the team, as they are not yet deployed to the mainnet.

Notes on the Contract:
  • There is a maximum total supply of 4500 Moon Passes.
  • Moon Passes are minted when users purchase them through the contract.
  • There is currently a limit set of 5 MoonPasses per wallet that is enforced in the contract.
  • The funds collected from the sale of MoonPasses are allocated to the team by use of the PaymentSplitter contract.
  • The team has structured the payments to be distributed across 5 wallets controlled by the team.

  • We worked with the MoonBoyz team to optimize these contracts for gas efficiency.
  • The contract is compiled with Solidity version 0.8.x, providing protection from overflows.
  • The contract utilizes the ERC721 standard.

  • Ownership has not been renounced.
  • The owner of the contract can set and update the maximum pass purchase amount at any time.
  • The owner has the ability to update the address that the funds of MoonPass purchases are sent to upon transfers.
  • The owner has the ability to toggle the MoonPass sale status on and off at any time.
  • The owner has the ability to update the MoonPass sale price (in Wei) at any time.
  • The owner has the ability to populate an array of addresses named "Current Holders". Once added to this array, an address cannot be removed.
  • The owner can utilize the withdrawAll function to receive the funds stored in the contract address at any time.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have significant control in the ecosystem.
  • Further, ensure trust in the team as they have control of the contract's balance that is accumulated from the sale of MoonPasses.
  • Date: September 10th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Critical Solidity CompilerN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Overall Contract Safety PASS

Function Graph

ERC721 Token Graph


Inheritence Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub]  #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] Counters 
    - [Int] current
    - [Int] increment #
    - [Int] decrement #
    - [Int] reset #

 +  PaymentSplitter (Context)
    - [Pub]  ($)
    - [Ext]  ($)
    - [Pub] totalShares
    - [Pub] totalReleased
    - [Pub] shares
    - [Pub] released
    - [Pub] payee
    - [Pub] release #
    - [Prv] _addPayee #

 +  MoonPass (ERC721, Ownable, PaymentSplitter)
    - [Pub]  #
       - modifiers: ERC721,PaymentSplitter
    - [Ext]  ($)
    - [Pub] setMaxPurchaseAmount #
       - modifiers: onlyOwner
    - [Pub] setThisContract #
       - modifiers: onlyOwner
    - [Pub] purchaseMoonPass ($)
    - [Pub] totalSupply
    - [Pub] setSaleStatus #
       - modifiers: onlyOwner
    - [Pub] setSalePrice #
       - modifiers: onlyOwner
    - [Pub] populateCurrentHolders #
       - modifiers: onlyOwner
    - [Pub] returnCurrentHolders
    - [Pub] withdrawAll #
       - modifiers: onlyOwner