Judge has assessed an item in Issue #1076 as 2 risk. The relevant finding follows:
[L-1] Listing and delisting tokens in EntityTrading.sol extends nuking timeout
Whenever users mint or receive a new token they need to wait 3 days before being able to nuke. However, if they list their tokens for sale and choose to delist them, their nuking timeout will be reset and they will need to wait 3 more days before being able to nuke.
```solidity
function canTokenBeNuked(uint256 tokenId) public view returns (bool) {
    SNIP
    // Assuming tokenAgeInSeconds is the age of the token since it's holding the nft, check if it's over minimum days held
@>  return tokenAgeInSeconds >= minimumDaysHeld;
}

function _beforeTokenTransfer(...) internal virtual override {
    SNIP
    /// @dev don't update the transferred timestamp if from and to address are same
    if (from != to) {
@>      lastTokenTransferredTimestamp[firstTokenId] = block.timestamp; // Updates the token held timestamp even on marketplace listing and delisting
    }
    SNIP
}
```
This can be mitigated by checking the `to` and `from` and seeing if it matches the `EntityTrading` contract address.
[L-2] Incorrect view functions present in the contract
Both `EntityForging.sol` and `EntropyGenerator.sol` contracts contain view functions that produce incorrect results:
```solidity
function fetchListings() external view returns (Listing[] memory _listings) {
    _listings = new Listing[](listingCount + 1);
    for (uint256 i = 1; i <= listingCount; ++i) {
        _listings[i] = listings[i];
    }
}
```
This view function will always add an additional empty listing at the beginning of the _listings array and at the end.
```solidity
function deriveTokenParameters(
    uint256 slotIndex,
    uint256 numberIndex
)
    public
    view
    returns (
        uint256 nukeFactor,
        uint256 forgePotential,
        uint256 performanceFactor,
        bool isForger
    )
{
    uint256 entropy = getEntropy(slotIndex, numberIndex);
    // example calculations using entropy to derive game-related parameters
@>  nukeFactor = entropy / 4000000;
    forgePotential = getFirstDigit(entropy);
    performanceFactor = entropy % 10;
    // example logic to determine a boolean property based on entropy
    uint256 role = entropy % 3;
    isForger = role == 0;
    return (nukeFactor, forgePotential, performanceFactor, isForger); // return derived parameters
}
```
As per the documentation the forgePotential should be calculated as entropy / 40.
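The timer reset described in [L-1], modeled in Python as an added example (not code from the report or from the audited contracts). `TokenModel`, `lister`, `skip_marketplace` and `scenario` are hypothetical names, and the fixed branch goes slightly beyond the suggested mitigation by assuming that a sale through the marketplace must still reset the timer for the buyer.

```python
DAY = 24 * 60 * 60
MIN_HELD = 3 * DAY          # the 3-day wait the finding describes
MARKET = "EntityTrading"    # stand-in for the marketplace contract address

class TokenModel:
    """Toy model of the hold timer for one token (not the project's contract)."""

    def __init__(self, owner, now, skip_marketplace=False):
        self.owner = owner
        self.last_transfer = now            # models lastTokenTransferredTimestamp
        self.skip_marketplace = skip_marketplace
        self.lister = None                  # hypothetical: who escrowed the token

    def transfer(self, to, now):
        """Models the `from != to` branch of _beforeTokenTransfer."""
        src = self.owner
        if src == to:
            return
        self.owner = to
        if not self.skip_marketplace:
            self.last_transfer = now        # behaviour in the finding: every move resets
            return
        if to == MARKET:                    # listing: remember the lister, keep the timer
            self.lister = src
        elif src == MARKET and to == self.lister:
            self.lister = None              # delisting back to the lister: keep the timer
        else:
            self.lister = None
            self.last_transfer = now        # real change of holder (sale, gift): reset

    def can_be_nuked(self, now):
        return now - self.last_transfer >= MIN_HELD

def scenario(skip_marketplace, buyer=None):
    """Mint at day 0, list at day 1, leave escrow at day 2; nukeable at day 3?"""
    t = TokenModel("alice", 0, skip_marketplace)
    t.transfer(MARKET, 1 * DAY)
    t.transfer(buyer or "alice", 2 * DAY)
    return t.can_be_nuked(3 * DAY)
```

With the check in place, a list-then-delist round trip leaves the original holder's timer untouched, while a token that leaves escrow to a different address still starts a fresh wait.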