Spooky Boys Country Club - Smart Contract Audit Report

Summary

Safe Whale Audit Report Spooky Boys Country Club is a new collection of ghost based NFTs that grants access to the Spooky Boys community with ownership.

For this audit, we reviewed the SpookyBoysCountryClub contract provided to us by the team.

Notes on the SpookyBoysCountryClub Contract:
  • The maximum number of SpookyBoys NFTs is 13,000.
  • The price of minting an NFT is a constant 0.06 ETH.
  • NFT metadata that contains information about the NFT is stored using an off-chain URI endpoint.

  • When public minting is enabled, users are able to mint up to 5 NFTs in one transaction.
  • When whitelist minting is enabled, users on the whitelist are able to mint one NFT.
  • Any extra ETH sent when minting will be retained in the contract.
  • Whitelist and public minting is limited to a maximum of 12,800 NFTs.
  • An additional 200 NFTs are reserved by the owner for airdrop minting; the owner may mint and airdrop any amount of these NFTs, up to the maximum amount, to any address at any time.

  • The owner is able to start and pause public minting at any time.
  • The owner is able to toggle whitelist minting at any time.
  • The owner may add any address to the whitelist at anytime.
  • The owner is able to withdraw all ETH held in the contract at any time.
  • The owner is able to change the URI endpoint at anytime.

  • As the contract is implemented with Solidity v0.8.x, it is protected from overflows/underflows.
  • The contract utilizes ReentrancyGuard to prevent against re-entrancy attacks.
  • The contract complies with the ERC721 token standard.
Audit Findings Summary
  • No external threats were identified.
  • Ensure trust in the team as they have some control within the ecosystem.
  • Date: November 8th, 2021.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

SpookyBoys Graph

SpookyBoys


 ($) = payable function
 # = non-constant function

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata)
    - [Pub] Constructor #
    - [Pub] supportsInterface
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Int] _baseURI
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _approve #
    - [Prv] _checkOnERC721Received #
    - [Int] _beforeTokenTransfer #

 + [Int] IERC721Enumerable (IERC721)
    - [Ext] totalSupply
    - [Ext] tokenOfOwnerByIndex
    - [Ext] tokenByIndex

 +  ERC721Enumerable (ERC721, IERC721Enumerable)
    - [Pub] supportsInterface
    - [Pub] tokenOfOwnerByIndex
    - [Pub] totalSupply
    - [Pub] tokenByIndex
    - [Int] _beforeTokenTransfer #
    - [Prv] _addTokenToOwnerEnumeration #
    - [Prv] _addTokenToAllTokensEnumeration #
    - [Prv] _removeTokenFromOwnerEnumeration #
    - [Prv] _removeTokenFromAllTokensEnumeration #

 + [Lib] Counters 
    - [Int] current
    - [Int] increment #
    - [Int] decrement #
    - [Int] reset #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Ownable (Context)
    - [Pub] Constructor #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 +  ReentrancyGuard 
    - [Pub] Constructor #

 +  SpookyBoysCountryClub (ERC721Enumerable, Ownable, ReentrancyGuard)
    - [Pub] Constructor #
       - modifiers: ERC721
    - [Ext] startSale #
       - modifiers: onlyOwner
    - [Ext] pauseSale #
       - modifiers: onlyOwner
    - [Ext] allowEarlyRedemption #
       - modifiers: onlyOwner
    - [Ext] pauseEarlyRedemption #
       - modifiers: onlyOwner
    - [Ext] whitelistPreSaleAddresses #
       - modifiers: onlyOwner
    - [Ext] mintSpookyBoys ($)
       - modifiers: nonReentrant
    - [Ext] airdropSpookyBoys #
       - modifiers: onlyOwner
    - [Pub] getNFTPrice
    - [Ext] withdraw #
       - modifiers: onlyOwner
    - [Ext] setBaseURI #
       - modifiers: onlyOwner
    - [Int] _baseURI