EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department conducted over 400 security audits since 2018. Not even a single contract that we audited was hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

Spirit Orb Pets v0, v1, CARE token, Pet Care contract audits #589

Closed Yomic closed 2 years ago

Yomic commented 3 years ago

Audit request

The smart contract is 4 different contracts that interact with each other to make a digital pet game. It is also extendable which opens the possibility for growth in the future. The first two are NFTs, the second of which has stats. The 3rd is an ERC20 token that generates tokens over time and mints to authorized contracts (which can be frozen). The 4th is the first of a few planned contracts that make the NFTs interactable and able to earn the ERC20 token.

Source code

Smart Contracts on Ropsten:

- v0 Pets: https://ropsten.etherscan.io/address/0xde1Dee12267fc762493d35A7E10941bB60591bc7#code
- v1 Pets: https://ropsten.etherscan.io/address/0x7cab257033FA4720220DBd5Ee4f2Dd3AB8af4F5E#code
- Pet Care: https://ropsten.etherscan.io/address/0xcbb4E96e845BB6274E5047381065539CCf80cfa3#code
- Care Token: https://ropsten.etherscan.io/address/0x4c00176d5021b465Fdc1D11d83B67B8F3636Fb6A#code

If they need to be on github, then I can push them there if needed.

Disclosure policy

I would like critical issues disclosed privately so we can correct the mistakes before it is published to the public blockchain. Afterwards, once the issues are fixed, the report can be public.

Standard disclosure policy.

Contact information (optional)

I can be contacted via e-mail at: trey@heartfeltgames.org

Website: https://www.spiritorbpets.com/
Twitter: https://www.twitter.com/SpiritOrbPets
Discord: https://discord.gg/SpiritOrbPets

Platform

ETH, possibly with interactions migrating to Polygon.

yuriy77k commented 3 years ago

@Yomic the audit fee is 1286 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB

The estimated auditing time is 12 days after payment.

Yomic commented 3 years ago

The payment has now been sent via this transaction: https://etherscan.io/tx/0x6e01ea804ded9ba51e0ab0611dc3c0a74487529b31cdbc99cd1eda0f6fd7fb8c

Let me know what you find!

Yomic commented 3 years ago

Please note that as a test of swapping out Pet Care contracts the above "Pet Care contract" has been replaced by this contract on Ropsten:

https://ropsten.etherscan.io/address/0x59B62FA82B8adAeE4Da97259c8a081A0C0c9B68F#code

The test was performed successfully with minimal down-time.

yuriy77k commented 3 years ago

Payment received. Thank you.

yuriy77k commented 2 years ago

The report was sent to developer email.

Yomic commented 2 years ago

Great, I have made some of the proposed changes, most notably "3.3 Approved minters" and "3.4 Anybody can burn Care Tokens from any account", because they were the highest risks to the users. Note for the checklist: the contracts had received public beta testing, and a bug bounty is still in effect from the beta testing period.

Thank you for the thorough audit. It can be published publicly if wanted now.
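The two findings named in the comment above, as an added illustration that is not the CARE token's source or the auditors' report: a minter allowlist with a freeze switch (3.3) next to a burnFrom that, unlike the unsafe shape, only burns another account's tokens against an allowance granted by that account (3.4). The contract name, state layout and function names are assumptions; the thread links the audited contracts on Ropsten but does not reproduce their code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal token sketch covering only the two findings discussed in the thread.
// Assumed design, not the audited CARE token source.
contract CareTokenSketch {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;

    address public owner;
    mapping(address => bool) public approvedMinter; // minter allowlist (assumed)
    bool public mintingFrozen;                      // one-way freeze switch

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    function setMinter(address minter, bool ok) external onlyOwner { approvedMinter[minter] = ok; }
    function freezeMinting() external onlyOwner { mintingFrozen = true; }

    // 3.3: only allowlisted callers may mint, and never once minting is frozen.
    function mint(address to, uint256 amount) external {
        require(!mintingFrozen, "minting frozen");
        require(approvedMinter[msg.sender], "not an approved minter");
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    // 3.4, unsafe shape: no check that the caller may spend `from`'s balance,
    // so any account can destroy any other account's tokens.
    function burnFromUnsafe(address from, uint256 amount) external {
        balanceOf[from] -= amount;
        totalSupply -= amount;
    }

    // 3.4, hardened: burning someone else's tokens consumes an allowance
    // that the token holder granted explicitly via approve().
    function burnFrom(address from, uint256 amount) external {
        if (msg.sender != from) {
            uint256 allowed = allowance[from][msg.sender];
            require(allowed >= amount, "burn exceeds allowance");
            allowance[from][msg.sender] = allowed - amount;
        }
        balanceOf[from] -= amount; // Solidity 0.8 reverts on underflow
        totalSupply -= amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }
}
```

When reviewing a burn path, the check to look for is exactly the `msg.sender != from` branch: a burnFrom that touches `balanceOf[from]` without consulting `allowance[from][msg.sender]` is the pattern finding 3.4 describes.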