EIVISSA PROJECT OPTIMIZATION
Previous
Improved
Static Analisys with Slither Auction . bid ( uint256 , uint256 ) ( contracts / Auction . sol #31 - 39 ) ignores return value by usd . transferFrom ( msg . sender , address ( this ) , price ) ( contracts / Auction . sol #36 )
Auction . addBidder ( address , uint256 , uint256 ) ( contracts / Auction . sol #63 - 89 ) ignores return value by usd . transfer ( tmp . wallet , tmp . amount ) ( contracts / Auction . sol #82 )
EivissaProject . withdraw ( ) ( contracts / EivissaProject . sol #175 - 179 ) ignores return value by usd . transfer ( owner ( ) , usd . balanceOf ( address ( this ) ) ) ( contracts / EivissaProject . sol #176 )
Sale . buy ( uint256 ) ( contracts / Sale . sol #30 - 41 ) ignores return value by usd . transferFrom ( msg . sender , address ( eivissa ) , minPrices [ id ] ) ( contracts / Sale . sol #35 )
System . finish ( ) ( contracts / System . sol #69 - 72 ) ignores return value by usd . transfer ( address ( eivissa ) , usd . balanceOf ( address ( this ) ) ) ( contracts / System . sol #71 )
// Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer System . onlyHolder ( ) ( contracts / System . sol #40 - 44 ) uses a dangerous strict equality:
- mrc . balanceOf ( msg . sender ) == 0 && isAdmin [ msg . sender ] == false
( contracts / System . sol #41 )
// Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in Auction . bid ( uint256 , uint256 ) ( contracts / Auction . sol #31 - 39 ) :
External - usd . transferFrom ( msg . sender , address ( this ) , price ) ( contracts / Auction . sol #36 )
- addBidder ( msg . sender , price , id ) ( contracts / Auction . sol #37 )
- usd . transfer ( tmp . wallet , tmp . amount ) ( contracts / Auction . sol #82 )
State variables written after the call ( s ) :
- addBidder ( msg . sender , price , id ) ( contracts / Auction . sol #37 )
- minPrices [ id ] = bidders [ id ] [ bidders [ id ] . length - 1 ] . amount + increment ( contracts / Auction . sol #87 )
Reentrancy in Sale . buy ( uint256 ) ( contracts / Sale . sol #30 - 41 ) :
External - usd . transferFrom ( msg . sender , address ( eivissa ) , minPrices [ id ] ) ( contracts / Sale . sol #35 )
State variables written after the call ( s ) :
- ++ ( currentSupply [ id ] ) ( contracts / Sale . sol #36 )
- userMints [ msg . sender ] = true ( contracts / Sale . sol #38 )
Reentrancy in MRCRYPTO . reservedMint ( uint256 ) ( contracts / mock / MRC . sol #96 - 118 ) :
External - _safeMint ( msg . sender , supply + 1 ) ( contracts / mock / MRC . sol #109 )
- IERC721Receiver ( to ) . onERC721Received ( _msgSender ( ) , from , tokenId , data ) ( node_modules / @openzeppelin / contracts / token / ERC721 / ERC721 . sol #401 - 412 )
State variables written after the call ( s ) :
- reservedMints [ _tokenId ] = true ( contracts / mock / MRC . sol #110 )
Reentrancy in MRCRYPTO . reservedMint ( uint256 ) ( contracts / mock / MRC . sol #96 - 118 ) :
External - _safeMint ( msg . sender , supply + 1 ) ( contracts / mock / MRC . sol #115 )
- IERC721Receiver ( to ) . onERC721Received ( _msgSender ( ) , from , tokenId , data ) ( node_modules / @openzeppelin / contracts / token / ERC721 / ERC721 . sol #401 - 412 )
State variables written after the call ( s ) :
- reservedMints [ _tokenId ] = true ( contracts / mock / MRC . sol #116 )
//Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1 EivissaProject . setBaseURI ( string ) . _uri ( contracts / EivissaProject . sol #149 ) shadows :
- ERC1155 . _uri ( node_modules / @openzeppelin / contracts / token / ERC1155 / ERC1155 . sol #30 ) ( state variable )
EivissaProject . setRoyaltyInfo ( uint256 [ 3 ] , address ) . royaltyWallet_ ( contracts / EivissaProject . sol #170 ) lacks a zero - check on :
- royaltyWallet = royaltyWallet_ ( contracts / EivissaProject . sol #172 )
Reentrancy in Auction . addBidder ( address , uint256 , uint256 ) ( contracts / Auction . sol #63 - 89 ) :
External calls :
- usd . transfer ( tmp . wallet , tmp . amount ) ( contracts / Auction . sol #82 )
State variables written after the call ( s ) :
- minPrices [ id ] = bidders [ id ] [ bidders [ id ] . length - 1 ] . amount + increment ( contracts / Auction . sol #87 )
// Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in Auction . bid ( uint256 , uint256 ) ( contracts / Auction . sol #31 - 39 ) :
External calls :
- usd . transferFrom ( msg . sender , address ( this ) , price ) ( contracts / Auction . sol #36 )
- addBidder ( msg . sender , price , id ) ( contracts / Auction . sol #37 )
- usd . transfer ( tmp . wallet , tmp . amount ) ( contracts / Auction . sol #82 )
Event emitted after the call ( s ) :
- auctionEvent ( msg . sender , id , price ) ( contracts / Auction . sol #38 )
Reentrancy in Sale . buy ( uint256 ) ( contracts / Sale . sol #30 - 41 ) :
External calls :
- usd . transferFrom ( msg . sender , address ( eivissa ) , minPrices [ id ] ) ( contracts / Sale . sol #35 )
- eivissa . mint ( msg . sender , id , 1 ) ( contracts / Sale . sol #39 )
Event emitted after the call ( s ) :
- saleEvent ( msg . sender , id ) ( contracts / Sale . sol #40 )
// Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Auction . bid ( uint256 , uint256 ) ( contracts / Auction . sol #31 - 39 ) compares to a boolean constant :
- require ( bool , string ) ( finished == false , Has finished ) ( contracts / Auction . sol #32 )
Auction . claim ( uint256 ) ( contracts / Auction . sol #52 - 59 ) compares to a boolean constant :
- require ( bool , string ) ( finished == true , Not finished ) ( contracts / Auction . sol #55 )
Auction . addBidder ( address , uint256 , uint256 ) ( contracts / Auction . sol #63 - 89 ) compares to a boolean constant :
- ( newEntered == false && tmp . amount > bidders [ id ] [ i ] . amount ) || ( newEntered == true && tmp . amount >= bidders [ id ] [ i ] . amount ) ( contracts / Auction . sol #69 - 70 )
EivissaProject . isNotPaused ( ) ( contracts / EivissaProject . sol #43 - 46 ) compares to a boolean constant :
- isAdmin [ msg . sender ] == false && paused == true ( contracts / EivissaProject . sol #44 )
EivissaProject . isWhitelisted ( ) ( contracts / EivissaProject . sol #48 - 51 ) compares to a boolean constant :
- whitelist [ msg . sender ] == false ( contracts / EivissaProject . sol #49 )
EivissaProject . isTransferible ( ) ( contracts / EivissaProject . sol #53 - 56 ) compares to a boolean constant :
- transferible == false || isCollab [ msg . sender ] == true ( contracts / EivissaProject . sol #54 )
EivissaProject . onlyAdmin ( ) ( contracts / EivissaProject . sol #58 - 61 ) compares to a boolean constant :
- isAdmin [ msg . sender ] == false ( contracts / EivissaProject . sol #59 )
Sale . buy ( uint256 ) ( contracts / Sale . sol #30 - 41 ) compares to a boolean constant :
- require ( bool ) ( userMints [ msg . sender ] == false ) ( contracts / Sale . sol #33 )
System . isNotPaused ( ) ( contracts / System . sol #22 - 26 ) compares to a boolean constant :
- isAdmin [ msg . sender ] == false && paused == true ( contracts / System . sol #23 )
System . onlyAdmin ( ) ( contracts / System . sol #28 - 32 ) compares to a boolean constant :
- isAdmin [ msg . sender ] == false ( contracts / System . sol #29 )
System . isWhitelisted ( ) ( contracts / System . sol #34 - 38 ) compares to a boolean constant :
- whitelistEnabled == true && whitelist [ msg . sender ] == false ( contracts / System . sol #35 )
System . onlyHolder ( ) ( contracts / System . sol #40 - 44 ) compares to a boolean constant :
- mrc . balanceOf ( msg . sender ) == 0 && isAdmin [ msg . sender ] == false ( contracts / System . sol #41 )
MRCRYPTO . reservedMint ( uint256 ) ( contracts / mock / MRC . sol #96 - 118 ) compares to a boolean constant :
- require ( bool , string ) ( reservedMints [ _tokenId ] == false , Token alredy used to mint at reserved price ) ( contracts / mock / MRC . sol #103 )
MRCRYPTO . tokenURI ( uint256 ) ( contracts / mock / MRC . sol #150 - 156 ) compares to a boolean constant :
- revealed == false && tokenId > previousMaxSupply ( contracts / mock / MRC . sol #153 )
//Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#boolean-equality 
