| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Omnimorphs - Smart Contract Audit Report
Summary
Omnimorphs is a building a new NFT art collection on the Ethereum blockchain.We audited the project team's OmnimorphsRinkeby contract at commit 377387d68e5c11fc6ad6b7baa1e01d85d113fdcc on the team's private Github repository.Overview of the Contract:Audit Findings Summary
- There is a maximum total supply of 10,000 OmnimorphsRinkeby NFTs; this maximum cannot be exceeded at any time.
- Each user can purchase at most 5 NFTs.
- During the presale, only addresses on the presale access list are able to mint OmnimorphsRinkeby NFTs.
- Users with access to the presale can only purchase up to 3 NFTs during the presale; the limit varies per user and is specified by the owner.
- Each NFT costs 0.08 ETH.
- The user must send the exact amount of ETH needed in order to purchase the desired amount of OmnimorphsRinkeby NFTs.
- After the presale, users will not be able to mint NFTs directly from the contract.
- The project team has taken a number of security measures to prevent bots from purchasing NFTs directly from the contract.
- The user can use the contract to "fuse" tokens together by calling code from the OmniFusion implementation contract; the OmniFusion implementation code was not provided to our team for analysis, so we were unable to verify the security of this function.
- The owner is able to set the Base URI to any value at any time.
- The owner is able to set the sale as active or inactive at any time.
- The owner is able to mint any amount of OmnimorphsRinkeby NFTs to their wallet at any time, as long as the maximum total supply is not exceeded.
- The owner is able to set the provenance hash to any value at any time.
- The owner is able to transfer any ETH in the contract to the 3 member addresses defined by the project team on deployment.
- The owner is able to set the deadline for the presale at any time.
- The owner is able to add or remove any address from the presale access list at any time.
- The owner is able to set the address of the OmniFusion implementation code to any address at any time.
- The owner is able to set the signer address to any address at any time.
- Excellent structuring of logic to protect against bot attacks.
- The contract complies with the ERC-721 standard.
- As the contract is implemented with Solidity v0.8.x, it is protected from overflows.
- No security threats from outside attackers were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Date: September 10th, 2021
($) = payable function
# = non-constant function
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata)
- [Pub] #
- [Pub] supportsInterface
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Int] _baseURI
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _approve #
- [Prv] _checkOnERC721Received #
- [Int] _beforeTokenTransfer #
+ [Int] IERC721Enumerable (IERC721)
- [Ext] totalSupply
- [Ext] tokenOfOwnerByIndex
- [Ext] tokenByIndex
+ ERC721Enumerable (ERC721, IERC721Enumerable)
- [Pub] supportsInterface
- [Pub] tokenOfOwnerByIndex
- [Pub] totalSupply
- [Pub] tokenByIndex
- [Int] _beforeTokenTransfer #
- [Prv] _addTokenToOwnerEnumeration #
- [Prv] _addTokenToAllTokensEnumeration #
- [Prv] _removeTokenFromOwnerEnumeration #
- [Prv] _removeTokenFromAllTokensEnumeration #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Lib] ECDSA
- [Int] recover
- [Int] recover
- [Int] recover
- [Int] toEthSignedMessageHash
- [Int] toTypedDataHash
+ [Int] IOmniFusion
- [Ext] fuseTokens #
+ OmnimorphsRinkeby (ERC721Enumerable, Ownable)
- [Pub] #
- modifiers: ERC721
- [Int] _baseURI
- [Prv] _mintTokens #
- [Prv] hashTransaction
- [Prv] matchAddressSigner
- [Ext] setBaseURI #
- modifiers: onlyOwner
- [Ext] flipSaleState #
- modifiers: onlyOwner
- [Ext] reserveTokens #
- modifiers: onlyOwner
- [Ext] setProvenanceHash #
- modifiers: onlyOwner
- [Ext] withdraw #
- modifiers: onlyOwner
- [Ext] setPresaleActiveUntil #
- modifiers: onlyOwner
- [Ext] addPresaleAddresses #
- modifiers: onlyOwner
- [Ext] removePresaleAddresses #
- modifiers: onlyOwner
- [Ext] setOmniFusionAddress #
- modifiers: onlyOwner
- [Ext] setSigner #
- modifiers: onlyOwner
- [Ext] mintTokensPresale ($)
- [Ext] mintTokens ($)
- [Pub] presaleTokensForAddress
- [Ext] fuseTokens #