issues
search
Tsunami-Exchange
/
tsunami-contracts
Tsunami Exchange Smart Contracts (RIDE)
2
stars
3
forks
source link
Brief audit of `prizes.ride` + `nfts.ride`
#19
Open
deemru
opened
1 year ago
deemru
commented
1 year ago
[ ] LOW: args should be checked against
,
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L99
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L54
[ ] LOW:
_type
overriding possible
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L101
[ ] LOW: 0 amount is valid
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L115
[ ] MEDIUM:
name
length limits (16) not controlled anywhere so can be not enough for example when you reach
# 1000
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L132
[ ] LOW:
_signature
not controlled by timestamp (valid forever)
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L63-L71
[ ] MEDIUM: the same separator can be a security concern
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L65-L67
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L77-L78
[ ] MEDIUM: the most secure way in dapp-to-dapp environment is to "spent" a
_signature
at the beginning of the function (by self invoke) before any other dapp-to-dapp function calls
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L118
[ ] TRIVIAL: it is
assetIdOrMintType
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L85
,
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L99 https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L54_type
overriding possible https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L101name
length limits (16) not controlled anywhere so can be not enough for example when you reach# 1000
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/nfts.ride#L132_signature
not controlled by timestamp (valid forever) https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L63-L71_signature
at the beginning of the function (by self invoke) before any other dapp-to-dapp function calls https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L118assetIdOrMintType
https://github.com/Tsunami-Exchange/tsunami-contracts/blob/061ffa89f2ca8bb57ade97324bfc55f0581630cc/contracts/ride/prizes.ride#L85