NaftyArt - Smart Contract Audit Report

Summary

Nafty is building an NFT auctioning marketplace on the Binance Smart Chain.

For this audit, we reviewed the project team's contract at 0xc753316ee782030C2E898e0bbacFB1DbAC31eaA7 on the Binance Smart Chain.

Notes on the Contracts:
  • This contract allows users to mint, auction off, and bid on Nafty NFT tokens.
  • Users have the ability to mint Nafty NFTs to themselves at any time, for free (after gas fees).
  • Users can list their NFT for a specified price with a simple auction, or start a custom-timed auction in which the highest bidder will receive the NFT after auction expiration.
  • When creating an auction, users also provide an ERC20 token address to set the auction's payment token, or the 0 address to indicate BNB as the payment.
  • When bidding on an auction, a user must bid a certain amount more than the current price. This amount can be changed by the contract owner at any time.
  • When a user bids on a timed auction, their bid tokens will be stored in the contract and will be returned to the user if a higher bid is made.
  • Once an auction has expired, anyone can trigger the exchange of the NFT between the seller and the highest bidder. The seller will have a system fee and a creator fee taken out of the final price. The system fee goes to the project team and the creator fee goes to the original creator of the NFT.
  • Both the system and creator fee start at 5%, but can be changed at any time by the owner.
  • The owner can burn any NFT at any time.
  • The owner can recover any BNB erroneously sent to the contract.
  • Note that some variables should be declared constant for gas saving purposes.
  • Note that many functions can be declared external for gas saving purposes.
  • Solidity v0.8.x is used across all contracts to prevent overflows.

Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have substantial control in the ecosystem.
  • Date: September 7th, 2021.
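
A minimal Python model of the bid, refund and settlement flow described in the notes above, added here as an illustration and not taken from the audited contract. The basis-point arithmetic, the 5% minimum raise, the `team` payee name and the reading of fees at settlement time are assumptions; the report does not state them.

```python
from collections import Counter
from dataclasses import dataclass, field

BPS = 10_000  # assumption: fees and the bid raise are basis points of the price

@dataclass
class Market:
    system_fee_bps: int = 500   # 5% system fee at launch (from the notes)
    creator_fee_bps: int = 500  # 5% creator fee at launch (from the notes)
    min_raise_bps: int = 500    # hypothetical value; the report gives none
    escrow: int = 0             # bid funds held by the contract
    paid: Counter = field(default_factory=Counter)  # payouts per address

@dataclass
class Auction:
    seller: str
    creator: str
    price: int        # start price, then the highest bid
    end: int          # expiry timestamp
    bidder: str = ""

def bid(m, a, who, amount, now):
    if now >= a.end:
        raise ValueError("auction expired")
    if amount < a.price + a.price * m.min_raise_bps // BPS:
        raise ValueError("bid below required raise")
    if a.bidder:                 # return the outbid bidder's escrowed funds
        m.escrow -= a.price
        m.paid[a.bidder] += a.price
    m.escrow += amount
    a.price, a.bidder = amount, who

def settle(m, a, now):  # anyone may call this once the auction has expired
    if now < a.end or not a.bidder:
        raise ValueError("nothing to settle")
    system = a.price * m.system_fee_bps // BPS   # assumption: read at settlement
    creator = a.price * m.creator_fee_bps // BPS
    m.escrow -= a.price
    m.paid["team"] += system
    m.paid[a.creator] += creator
    m.paid[a.seller] += a.price - system - creator
    return a.price - system - creator

def run(system_fee_bps=500):
    m, a = Market(), Auction("seller", "artist", price=1_000, end=100)
    bid(m, a, "alice", 1_050, now=10)
    bid(m, a, "bob", 1_200, now=20)      # alice gets her 1_050 back
    m.system_fee_bps = system_fee_bps    # owner-only on chain, at any time
    return settle(m, a, now=100), m
```

With the launch fees the seller nets 1,080 of the 1,200 winning bid; if the owner sets the system fee to 20% before settlement, the same sale nets 900 under this model's assumptions.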

Audit Results

Vulnerability Category              | Notes | Result
------------------------------------|-------|-------
Arbitrary Storage Write             | N/A   | PASS
Arbitrary Jump                      | N/A   | PASS
Delegate Call to Untrusted Contract | N/A   | PASS
Dependence on Predictable Variables | N/A   | PASS
Deprecated Opcodes                  | N/A   | PASS
Ether Thief                         | N/A   | PASS
Exceptions                          | N/A   | PASS
External Calls                      | N/A   | PASS
Integer Over/Underflow              | N/A   | PASS
Multiple Sends                      | N/A   | PASS
Suicide                             | N/A   | PASS
State Change External Calls         | N/A   | PASS
Unchecked Retval                    | N/A   | PASS
User Supplied Assertion             | N/A   | PASS
Critical Solidity Compiler          | N/A   | PASS
Overall Contract Safety             |       | PASS

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
  + [Int] ILiquidityPool 
    - [Ext] unlock #
    - [Ext] send #
    - [Ext] setLockupPeriod #
    - [Ext] totalBalance

 + [Int] IBNBLiquidityPool (ILiquidityPool)
    - [Ext] lock ($)

 + [Int] IBufferOptions 
    - [Ext] options

 + [Int] IBufferStaking 
    - [Ext] claimProfit #
    - [Ext] buy #
    - [Ext] sell #
    - [Ext] profitOf

 + [Int] IBufferStakingBNB (IBufferStaking)
    - [Ext] sendProfit ($)

 + [Int] IBufferStakingIBFR (IBufferStaking)
    - [Ext] sendProfit #

 + [Int] IAccessControl 
    - [Ext] hasRole
    - [Ext] getRoleAdmin
    - [Ext] grantRole #
    - [Ext] revokeRole #
    - [Ext] renounceRole #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 + [Int] IERC165 
    - [Ext] supportsInterface

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  AccessControl (Context, IAccessControl, ERC165)
    - [Pub] supportsInterface
    - [Pub] hasRole
    - [Int] _checkRole
    - [Pub] getRoleAdmin
    - [Pub] grantRole #
       - modifiers: onlyRole
    - [Pub] revokeRole #
       - modifiers: onlyRole
    - [Pub] renounceRole #
    - [Int] _setupRole #
    - [Int] _setRoleAdmin #
    - [Prv] _grantRole #
    - [Prv] _revokeRole #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #
    - [Int] _afterTokenTransfer #

 +  BufferBNBPool (AccessControl, ERC20, IBNBLiquidityPool)
    - [Pub]  #
    - [Ext] setLockupPeriod #
    - [Ext] revertTransfersInLockUpPeriod #
    - [Ext] provide ($)
    - [Ext] withdraw #
    - [Ext] lock ($)
    - [Ext] unlock #
    - [Ext] send #
    - [Ext] shareOf
    - [Pub] availableBalance
    - [Pub] totalBalance
    - [Int] _beforeTokenTransfer #
    - [Pub] fullMul
    - [Pub] mulDiv
    - [Int] divCeil

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub]  #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #

 +  ERC721Burnable (Context, ERC721)
    - [Pub] burn #

 + [Int] IERC721Enumerable (IERC721)
    - [Ext] totalSupply
    - [Ext] tokenOfOwnerByIndex
    - [Ext] tokenByIndex

 +  ERC721Enumerable (ERC721, IERC721Enumerable)
    - [Pub] supportsInterface
    - [Pub] tokenOfOwnerByIndex
    - [Pub] totalSupply
    - [Pub] tokenByIndex
    - [Int] _beforeTokenTransfer #
    - [Prv] _addTokenToOwnerEnumeration #
    - [Prv] _addTokenToAllTokensEnumeration #
    - [Prv] _removeTokenFromOwnerEnumeration #
    - [Prv] _removeTokenFromAllTokensEnumeration #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 + [Int] AggregatorV3Interface 
    - [Ext] decimals
    - [Ext] description
    - [Ext] version
    - [Ext] getRoundData
    - [Ext] latestRoundData

 +  BaseBufferBNBOptions (IBufferOptions, Ownable, ERC721, ERC721Enumerable, ERC721Burnable, AccessControl)
    - [Pub]  #
       - modifiers: ERC721
    - [Ext] setImpliedVolRate #
       - modifiers: onlyOwner
    - [Ext] setSettlementFeePercentage #
       - modifiers: onlyOwner
    - [Ext] setSettlementFeeRecipient #
       - modifiers: onlyOwner
    - [Ext] setStakingFeePercentage #
       - modifiers: onlyOwner
    - [Ext] setReferralRewardPercentage #
       - modifiers: onlyOwner
    - [Ext] setOptionCollaterizationRatio #
       - modifiers: onlyOwner
    - [Int] _create #
    - [Int] distributeSettlementFee #
    - [Pub] fees
    - [Int] getPeriodFee
    - [Int] getStrikeFee
    - [Int] getSettlementFee
    - [Int] createOptionFor #
    - [Int] _baseURI
    - [Int] _beforeTokenTransfer #
    - [Pub] supportsInterface
    - [Int] sqrt

 +  BufferBNBPredictions (BaseBufferBNBOptions)
    - [Pub]  #
       - modifiers: BaseBufferBNBOptions
    - [Pub] optionDetails
    - [Ext] create ($)
    - [Pub] execute #
    - [Ext] executeAll #
    - [Int] _transfer #