bookmark_borderPublic Smart Contract Audit: Next Earth, part 1.

Overview

The Next Earth project requested a smart contract code security audit.

Start date of the audit: 2021.07.06.

Report date: 2021.07.07.

Project website: https://nextearth.io/

Platform: Solidity / Ethereum

Audited commit: 4bac0998cac7e19a3a5370c997551ba71bb82d57

Smart contracts in scope:

  • NFT.sol
  • Payment.sol
  • Presalse.sol
  • PriceFeed.sol

Imported smart contracts:

  • @chainlink/contracts/src/v0.6/interfaces/AggregatorV3Interface.sol
  • @openzeppelin/contracts/access/AccessControl.sol
  • @openzeppelin/contracts/access/Ownable.sol
  • @openzeppelin/contracts/security/Pausable.sol
  • @openzeppelin/contracts/token/ERC721/ERC721.sol
  • @openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol
  • @openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol
  • @openzeppelin/contracts/utils/cryptography/ECDSA.sol

Overall result: pass

Auditor: six ~ PGP 450F 4AC8 0BD8

Objective and methodology

The objective of the security assessment is to gain insight into the security of the smart contracts listed in the scope.

Code review main check items:

  • Line-by-line audit
  • Business logic
  • Data consistency
  • Coding style violations
  • Gas usage
  • Reentrancy

Automated tools:

Further documents incorporated in the methodology:

Audit results

Critical severity

No cricitcal severity issue have been found during the manual code review or by using automated tools.

High severity

No high severity issue have been found during the manual code review or by using automated tools.

Medium severity

No medium severity issue have been found during the manual code review or by using automated tools.

Low severity

Presale.sol | Creation of unintended packs in setPackPrice()

Description and impact

At line61 it is specified that we have packages from 1 to 5, but in the setPackPrice function at line120, it allows to pass zero or any positive number up to 2**32-1 for _type and 2**256-1 for price.

Logic says, that would be also an integer overflow, but from Solidity compiler version 0.8.0, overflowing transactions get reverted automatically.

This vulnerability allows the creation of packages against the intentional logic of the project.

This is only a low level vulnerability as onlyOwner is used and it can’t be exploited by others.

Line 61.:

require(packType >= 1 && packType <= 5, “invalid pack type”); // we have 5 pack types from 1 to 5

Line 120.:

function setPackPrice(uint32 _type, uint256 price) external onlyOwner {

packPrices[_type] = price;

}

Proposed solution

You could use a require statement checking the type (and preferably the price too) before setting the price for a pack.

Presale.sol | Unused code, todo, typo

Description

Payment.sol, line36.

// TODO can we do this pull over push?

Presale.sol, line 88.

// uint256 contractShare = msg.value – charityShare – comissionShare; // not used, need to remove it

NFT.sol, line 42.

// happens against a signle single user…

Presale.sol, multiple lines:

comissionCode” → “commissionCode”

Proposed solution

Update the mentioned points.

NFT.sol | Minting functions can go above gas limit

Description

The issue was acknowledged by the project before the audit.

Function safeMint from line 35. and function safeMintTo() from line 49. can go above the gas limit if tokenIds.length becomes too big.

Proposed solution

Implement limits, don’t let users break themselves.

Lack of README file

Description

The project does not have a README file or documentation.

Proposed solution

Provide a clear documentation and use more comments.

Lack of comments regarding functionality

Description

The smart contracts have comments at some critical points, but not about the functions or general code logic.

It is also recommended to add NatSpec to the code.

Proposed solution

Follow the Solidity Coding style guide.

https://docs.soliditylang.org/en/latest/style-guide.html

Contact

Awalcon – six

Website: https://awalcon.org/

E-mail:six@awalcon.org

Telegram/Signal: +36 20 256 4090

Git: https://git.hsbp.org/six

PGP: B1F7 B1D6 8838 98B4 2212 1D90 CA71 D1E4 078E 99C5

bookmark_borderBitcoin and Crypto* events in Dubai

Looking for meeting other people who are into crypto*? Wants to find the best place to start your blockchain business? Awalcon and the HODLbag project shares the best places to get started. If you are an enthusiast, already have a project, looking for investors or just a beginner who wants to learn and meet interesting people: this is what you need to know.

EcoX Networking Events

Every Tuesday, you have the chance to meet people from different backgrounds, many of them are into crypto*. Just get there and be brave to start discussions with people you do not know yet!

Find the flyers on Instagram: https://www.instagram.com/ecoxdubai/

Website: https://www.ecox.pro/

Crypto Mondays

Crypto* people in the space! Mostly for beginner, but you can meet some big names there. Last Monday, we had Tone Vayes and Gary Sheynkman with us.

For the next meetup, make sure to follow: https://twitter.com/CryptoMondaysSJ

You can also join the cryptoDubai group on Signal where we keep posting about the events. Contact: https://linktr.ee/awalcon

Dubai allows crypto businesses to set up in free zone

Just as the heading says, things are moving on in the free zone.

An economic free zone in Dubai has opened for businesses that are offering, issuing, listing and trading crypto assets. The Dubai Multi Commodities Center (DMCC) signed the initial agreement with the Securities and Commodities Authority (SCA) to allow licensing for firms that deal with crypto assets.

Find more details on this link:

https://www.arabnews.com/node/1828681/business-economy

bookmark_borderInspiration from Dubai and the Global Blockchain Congress 2021

The Awalcon HODL Bag team visited Dubai for finding new possibilities, inspiration and attending the Global Blockchain/DeFi congress which took place between 2021.02.09.-10.

The whole trip was a positive experience from the point of meeting new people, learning more about DeFi projects and discussing with investors (VCs, Private Equity Firms, Family Offices and High Networth Individuals). Though we are not seeking financial support, advice is always welcome from individuals who have already created projects that work on the long run.

The days we have spent in Dubai truly gave us inspiration and new ideas to push our IDeaLs (Indpendent Decentralized Life System) further. We are very soon making the HODL Bag system public and accessible for everyone who is interested.

Awalcon OÜ has also been fully initialized in Estonia (registration code 16156552). That means we are ready to sell the HODL Bags and also ready to work for the system.

We take decentralization serious: you will be able to use the first functions in this HODL Bag NFT smart contract with just your MetaMask app and the frontend will also be runable from any computers, not centralizing all the contact interactions to a single website.

We are looking forward to keeping in touch with all our new friends.