Open code423n4 opened 1 year ago
1 | Parameter missed in NatSpec documentation | NC
2 | Lack of zero checks for immutable variables | L
3 | Insufficient validation of user input | Disagree for the specific instance
4 | Critical changes should use two-step procedure | NC
5 | There is no way to predict how many reserve gobblers/community pages you should mint | Nice idea, R
1L 1R 2NC
Nice report
Summary
Low Risk Issues
Total: 20 instances over 5 issues
1. Parameter missed in NatSpec documentation (1 instance)
- src/ArtGobblers.sol:278-286
The `Pages _pages` parameter is not covered in NatSpec.
2. Lack of zero checks for immutable variables (15 instances)
- src/ArtGobblers.sol:314, 564
- src/utils/rand/ChainlinkV1RandProvider.sol:55
- src/utils/GobblerReserve.sol:24
- src/Goo.sol:83
- lib/solmate/src/auth/Owned.sol:30, 40
- src/Pages.sol:179
- src/utils/token/PagesERC721.sol:43
3. Insufficient validation of user input (1 instance)
The `mintReservedGobblers` function does not check for overflow in `numGobblersEach << 1`.
Impact:
In this case, the impact is very limited. If the contract is deployed on the mainnet, then the gas will be quickly spent. But if it is deployed in a network with cheap gas, or the attacker has an unlimited amount of gas, then he will be able to cause a DoS or, in the worst case, mint a lot of gobblers.
- src/ArtGobblers.sol:839
4. Critical changes should use two-step procedure (1 instance)
- lib/solmate/src/auth/Owned.sol:37
5. There is no way to predict how many reserve gobblers/community pages you should mint (2 instances)
It would be useful for the user to know how many reserves he can mint.
- src/ArtGobblers.sol:link
- src/Pages.sol:link
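
The unchecked doubling described in issue 3, shown beside two guarded forms. This is an added example, not code from the report or from the audited repository; the contract, the `reserveMinted` variable, the function names and the `AmountTooLarge` error are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration (hypothetical contract and names, not the audited code).
contract ReserveCounterDemo {
    error AmountTooLarge();

    /// Running total of reserve mints (hypothetical state variable).
    uint256 public reserveMinted;

    /// Before: `<<` is never overflow-checked in Solidity, inside or outside
    /// `unchecked`, so for numEach >= 2**255 the top bit is silently dropped
    /// and the recorded total no longer matches the requested amount.
    function recordUnguarded(uint256 numEach) external returns (uint256) {
        unchecked {
            reserveMinted += numEach << 1;
        }
        return reserveMinted;
    }

    /// After: reject inputs whose doubling cannot fit in 256 bits, and let the
    /// compiler's checked addition revert if the running total would wrap.
    function recordGuarded(uint256 numEach) external returns (uint256) {
        if (numEach > (type(uint256).max >> 1)) revert AmountTooLarge();
        reserveMinted += numEach << 1;
        return reserveMinted;
    }

    /// Equivalent guard: checked multiplication reverts with Panic(0x11)
    /// on overflow when it is not wrapped in `unchecked`.
    function recordChecked(uint256 numEach) external returns (uint256) {
        reserveMinted += numEach * 2;
        return reserveMinted;
    }
}
```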