NFTSwaps Token - Smart Contract Audit Report
Summary
NFTSwaps is building a platform where anyone can deposit their NFT to an NFTSwaps pool and obtain BEP20 token derivatives that can be exchanged directly on PancakeSwap.
We initially analyzed NFTSwaps' token smart contract, deployed at 0xc536462e5a9fdacd4f1008a91e7daba1374c0226 in late March 2021. The team has since had a successful presale and developed the promised NFT swapping platform. This audit has been updated on May 2nd, 2021 to reflect our analysis of the NFTSwaps platform and SwapsSocks contract, reviewed at commit 802a44fcdcde3f216aaeb0046b8e99f1f9fd651d and later at commit f7b847cbaf579ec211041d2ace6ecb07973c170a on Github.
Notes on the Token Contract:
- The total supply of the token is 2.8 million, delivered to the team upon deployment.
- No mint functions are accessible. After deployment, the total supply can only decrease.
- Tokens can be burned by sending them to address(0). This is accounted for in the totalSupply calculation.
- The only ownership-restricted function is tokenRecover() which allows the owner to retrieve tokens mistakenly sent to the token contract.
- The owner can transfer ownership to any address.
- The contract includes the ERC-1363 approveAndCall() function, allowing for approvals and execution to occur in one call if desired.
- The contract utilizes SafeMath to prevent overflow issues.
- The contract utilizes an outdated version of Solidity which includes some compiler bugs.
- Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational.
Notes on the NFT Swapping Platform Contracts:
- The platform allows any user to deposit an NFT and receive BEP20 equivelant tokens for that NFT.
- Any user who holds NFTs can call createToken() on the router contract to create tokens to represent their NFTs as BEP20 tokens.
- Users NFTs will be deposited in the contract, an instance of the SwapsNFTX contract will be deployed, and the user will receive one BEP20 token per NFT deposited.
- Each instance of the SwapsNFTX contract pairs with one NFT contract.
- The Router contract has the ability to mint and burn the BEP20 SwapsNFTX tokens in order to provide and remove tokens when NFTs are deposited and withdrawn.
- In the reverse, the platform allows anyone to purchase the BEP20 equivelant tokens where they can they be used to redeem a randomly-selected NFT previously deposited into the platform.
- When selecting an NFT for redeption, Chainlink is used to provide tamper-resistant verifiable randomness to the Router contract. This is the gold standard for on-chain sources of randomness. The Chainlink call value is hard-coded at 0.2 LINK; we advise making this a variable that can be updated.
- The team can withdraw any tokens erroneously sent to the router contract.
- Some functions can be declared external instead of public to save a minute amount of gas on each call.
- The contract utilizes SafeMath to prevent overflows.
Notes on the SwapsSocks Contract:
- This contract is an NFT which is intended to be backed by socks redeemable in the real world.
- The team can mint 390 Common Socks NFTs and 10 Rare Socks NFTs. These are not effectively differentiated in each NFT, however, and can only be determined by checking the NFT's origin.
- The team can also add users to a batch and whitelist upon deployment who will be able to mint tokens at any time. After 30 days, whitelisted users can mint NFTs.
- A claimPhysical function is present, allowing a user to burn their NFT and claim a real-world prize. The team will provide any prizes.
- The team can blacklist any addres disallowing them from sending or receiving NFTs.
- The contract utilizes SafeMath and SafeTransfers to prevent overflows and ensure successful token transfers.
Audit Findings Summary:
- No security issues were identified.
- Ensure trust in the team if utilizing the SwapsSocks contract as the team can blacklist addresses, mint tokens, and must provide prizes.
- Token Review Date: March 19th, 2021
- Swapping Platform + SwapsSocks Review Date: May 2nd, 2021
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Compiler Bugs | The contract uses solidity 0.4.24. We advise upgrading to 0.7.6 or above. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | WARNING |
Details: Token Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ SafeMath
- [Pub] safeAdd
- [Pub] safeSub
- [Pub] safeMul
- [Pub] safeDiv
+ ERC20Interface
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] allowance
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
+ ApproveAndCallFallBack
- [Pub] receiveApproval #
+ Owned
- [Pub] #
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] acceptOwnership #
+ NFTSwaps (ERC20Interface, Owned, SafeMath)
- [Pub] #
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] allowance
- [Pub] approveAndCall #
- [Pub] transferAnyERC20Token #
- modifiers: onlyOwner
Details: SwapsNFTX Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ SwapsNFTX (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20
- [Ext] factoryMint #
- modifiers: onlyOwner
- [Ext] factoryBurn #
- modifiers: onlyOwner
- [Ext] burn #
Details: SwapsRouter Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] ISwapsNFTX
- [Ext] factoryMint #
- [Ext] factoryBurn #
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] transfer #
- [Ext] balanceOf
- [Ext] burn #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ SwapsNFTX (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20
- [Ext] factoryMint #
- modifiers: onlyOwner
- [Ext] factoryBurn #
- modifiers: onlyOwner
- [Ext] burn #
+ [Int] IPancakeRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IPancakeRouter02 (IPancakeRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] SafeMathChainlink
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
+ [Int] LinkTokenInterface
- [Ext] allowance
- [Ext] approve #
- [Ext] balanceOf
- [Ext] decimals
- [Ext] decreaseApproval #
- [Ext] increaseApproval #
- [Ext] name
- [Ext] symbol
- [Ext] totalSupply
- [Ext] transfer #
- [Ext] transferAndCall #
- [Ext] transferFrom #
+ VRFRequestIDBase
- [Int] makeVRFInputSeed
- [Int] makeRequestId
+ VRFConsumerBase (VRFRequestIDBase)
- [Int] fulfillRandomness #
- [Int] requestRandomness #
- [Pub] #
- [Ext] rawFulfillRandomness #
+ SwapsRouter (Ownable, VRFConsumerBase)
- [Pub] #
- modifiers: VRFConsumerBase
- [Ext] claimRandomNFT #
- [Int] fulfillRandomness #
- [Int] substring
- [Int] _checkString
- [Ext] createToken #
- [Ext] buyTokenPancake ($)
- [Ext] sellTokenPancake #
- [Ext] withdrawTokens #
- modifiers: onlyOwner
Details: SwapsSocks Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Int] IERC721Enumerable (IERC721)
- [Ext] totalSupply
- [Ext] tokenOfOwnerByIndex
- [Ext] tokenByIndex
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ ERC165 (IERC165)
- [Int] #
- [Pub] supportsInterface
- [Int] _registerInterface #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
+ [Lib] EnumerableMap
- [Prv] _set #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Prv] _get
- [Prv] _get
- [Int] set #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] get
- [Int] get
+ [Lib] Strings
- [Int] toString
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata, IERC721Enumerable)
- [Pub] #
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Pub] baseURI
- [Pub] tokenOfOwnerByIndex
- [Pub] totalSupply
- [Pub] tokenByIndex
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _setTokenURI #
- [Int] _setBaseURI #
- [Prv] _checkOnERC721Received #
- [Prv] _approve #
- [Int] _beforeTokenTransfer #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ SwapsSocks (ERC721, Ownable)
- [Pub] #
- modifiers: ERC721
- [Ext] adminMintRare #
- modifiers: onlyOwner
- [Ext] adminMintCommon #
- modifiers: onlyOwner
- [Ext] claimSocks #
- [Ext] claimPhysical #
- [Pub] transferFrom #
- [Pub] safeTransferFrom #