This is the report from a security audit performed on NFTLootBox by MrCrambo.
The audit focused primarily on the security of NFTLootBox smart contracts.
- https://github.com/NFTLootBox/contracts/blob/master/contracts/NFTLootbox.sol
- https://github.com/NFTLootBox/contracts/blob/master/contracts/lib/Context.sol
- https://github.com/NFTLootBox/contracts/blob/master/contracts/lib/SafeMath.sol
- https://github.com/NFTLootBox/contracts/blob/master/contracts/lib/Ownable.sol
- https://github.com/NFTLootBox/contracts/blob/master/contracts/lib/IERC20.sol
- https://github.com/NFTLootBox/contracts/blob/master/contracts/lib/IERC1155.sol
- https://github.com/NFTLootBox/contracts/blob/master/contracts/lib/ReentrancyGuard.sol
In total, 1 issue was reported, including:
- 0 high severity issues.
- 0 medium severity issues.
- 2 low severity issues.
- 0 owner privileges issues.
There is no zero address check in the functions redeemBulk, setTransferAddress, setAuthAddress and updateLootbox.
Add a zero address check:
require( _to != address(0) );
The ERC20 standard does not include mint and burn functions in its description, but the IERC20 interface declares these methods. The interface should also have name(), decimals() and symbol() methods.
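One way to check an interface for this finding, as an added example that is not part of the audit or the NFTLootBox code: a Python script that compares a solc-style ABI against the function set defined in EIP-20. The sample ABI is constructed, and the parameter types given for mint and burn are assumptions.

```python
# Added example: compare a compiled interface ABI against the EIP-20 function set.
ERC20_REQUIRED = {
    "totalSupply()", "balanceOf(address)", "transfer(address,uint256)",
    "transferFrom(address,address,uint256)", "approve(address,uint256)",
    "allowance(address,address)",
}
ERC20_OPTIONAL = {"name()", "symbol()", "decimals()"}


def signature(entry):
    """Canonical signature, e.g. transfer(address,uint256), for one ABI entry."""
    types = ",".join(i["type"] for i in entry.get("inputs", []))
    return "%s(%s)" % (entry["name"], types)


def check_erc20_interface(abi):
    """Classify the functions of a solc-style ABI (list of dicts) against EIP-20."""
    declared = {signature(e) for e in abi if e.get("type") == "function"}
    return {
        "missing_required": sorted(ERC20_REQUIRED - declared),
        "missing_optional": sorted(ERC20_OPTIONAL - declared),
        "non_standard": sorted(declared - ERC20_REQUIRED - ERC20_OPTIONAL),
    }


def _fn(name, *types):
    # Helper that builds one function entry for the constructed sample below.
    return {"type": "function", "name": name, "inputs": [{"type": t} for t in types]}


# Constructed sample ABI shaped like the finding: the six EIP-20 functions plus
# mint and burn, without name/symbol/decimals. The mint/burn parameter types
# are assumptions, not taken from the audited IERC20.sol.
SAMPLE_ABI = [
    _fn("totalSupply"), _fn("balanceOf", "address"),
    _fn("transfer", "address", "uint256"),
    _fn("transferFrom", "address", "address", "uint256"),
    _fn("approve", "address", "uint256"), _fn("allowance", "address", "address"),
    _fn("mint", "address", "uint256"), _fn("burn", "uint256"),
    {"type": "event", "name": "Transfer", "inputs": []},  # events are ignored
]

if __name__ == "__main__":
    for category, signatures in check_erc20_interface(SAMPLE_ABI).items():
        print(category, signatures)
```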
The smart contract contains only low severity issues.