Yamsteers712V4 - Smart Contract Audit Report
Summary
Yamsteers is creating a new NFT with a presale on the Ethereum network.For this audit, we reviewed Yamsteer's Yamsteers712V4 contract at address 0x01497e1932d81432485214b2360bbd8ccac715e8 on the Rinkeby testnet.
Notes on the Contract:Audit Findings Summary
- The max supply of Yamsteers712V4 is 10,000 $YMLS. The max supply cannot be changed.
- There is no burning functionality present in the contract, however users can transfer their tokens to the 0x..dead address to reduce circulating supply, if desired.
- The owner can pause or unpause the contract at any time. Public sale minting and token transfers cannot occur while the contract is paused. Presale minting can still occur while the contract is paused.
- The owner can update the max mint amount to any number at any time.
- While the presale has started, users can purchase up to 2 NFTs total. The owner can start and stop the presale at any time.
- During the public sale, users can purchase up to the 'max mint amount' of tokens. Purchases during presale do not count towards the max mint amount.
- In order to participate in the presale, the user must have a signature from the whitelist address. This signature can only be used by the address included in the signed message.
- The owner can mint up to 100 'reserved' tokens at no cost. These are intended to be given to team members and for giveaways.
- Any kind of token purchases cannot result in the total supply exceeding the max supply minus remaining reserved tokens.
- The cost of minting, regardless of whether it is during the presale or public period, is .08 ETH per token.
- The owner can enable or disable querying of token URIs at any time.
- The owner can change the base URI at any time.
- The owner can change the whitelist address at any time.
- The owner can withdraw any amount of ETH in the contract to any address at any time.
- As the contract is implemented with Solidity 0.8.x, it is protected from overflows.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have some control in the ecosystem.
- Date: November 26th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The owner has the permissions listed above. | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Suicide | N/A | PASS |
| Unbounded Loop | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata)
- [Pub] #
- [Pub] supportsInterface
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Int] _baseURI
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _approve #
- [Prv] _checkOnERC721Received #
- [Int] _beforeTokenTransfer #
+ [Int] IERC721Enumerable (IERC721)
- [Ext] totalSupply
- [Ext] tokenOfOwnerByIndex
- [Ext] tokenByIndex
+ ERC721Enumerable (ERC721, IERC721Enumerable)
- [Pub] supportsInterface
- [Pub] tokenOfOwnerByIndex
- [Pub] totalSupply
- [Pub] tokenByIndex
- [Int] _beforeTokenTransfer #
- [Prv] _addTokenToOwnerEnumeration #
- [Prv] _addTokenToAllTokensEnumeration #
- [Prv] _removeTokenFromOwnerEnumeration #
- [Prv] _removeTokenFromAllTokensEnumeration #
+ ERC721URIStorage (ERC721)
- [Pub] tokenURI
- [Int] _setTokenURI #
- [Int] _burn #
+ Pausable (Context)
- [Pub] #
- [Pub] paused
- [Int] _pause #
- modifiers: whenNotPaused
- [Int] _unpause #
- modifiers: whenPaused
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Lib] Counters
- [Int] current
- [Int] increment #
- [Int] decrement #
- [Int] reset #
+ [Lib] ECDSA
- [Prv] _throwError
- [Int] tryRecover
- [Int] recover
- [Int] tryRecover
- [Int] recover
- [Int] tryRecover
- [Int] recover
- [Int] toEthSignedMessageHash
- [Int] toTypedDataHash
+ EIP712Whitelisting (Ownable)
- [Pub] #
- [Pub] setWhitelistSigningAddress #
- modifiers: onlyOwner
+ Yamsteers712V4 (ERC721, ERC721Enumerable, ERC721URIStorage, Pausable, Ownable, EIP712Whitelisting)
- [Pub] #
- modifiers: ERC721,EIP712Whitelisting
- [Pub] pausePublicSale #
- modifiers: onlyOwner
- [Pub] unpausePublicSale #
- modifiers: onlyOwner
- [Int] _beforeTokenTransfer #
- modifiers: whenNotPaused
- [Int] _burn #
- [Int] _baseURI
- [Pub] tokenURI
- [Pub] supportsInterface
- [Pub] setmaxMintAmount #
- modifiers: onlyOwner
- [Pub] setBaseURI #
- modifiers: onlyOwner
- [Pub] setRevealed #
- modifiers: onlyOwner
- [Pub] preSaleSwitch #
- modifiers: onlyOwner
- [Pub] mint ($)
- modifiers: whenNotPaused
- [Pub] preSaleMint ($)
- modifiers: requiresWhitelist
- [Pub] teamMint ($)
- modifiers: onlyOwner
- [Pub] withdraw ($)
- modifiers: onlyOwner