This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.
| Key | Value |
|---|---|
| .sol Files | 2 |
| Total nSLOC | 186 |

| Filepath | nSLOC |
|---|---|
| src/AuctionContract.sol | 168 |
| src/SellerNft.sol | 18 |
| Total | 186 |

| Category | No. of Issues |
|---|---|
| High | 2 |
| Low | 5 |
Solidity does initialize state variables by default (to the zero value of their type), but it is good practice to declare the initial value explicitly. The risk is not the default itself but code that relies on a variable having been set: for example, if the contract transfers ETH to an address held in a state variable, make sure that variable has actually been assigned, because an unassigned address is `address(0)` and value sent there is lost.
1 found instance

- Found in src/SellerNft.sol Line: 11: `uint256 private tokenCounter;`
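The flagged `tokenCounter` defaults to zero and is harmless as long as it is only ever incremented; the case the finding warns about is an address that is read before it is set. The following is an added illustration, not code from the audited contracts: a hypothetical `FeeSinkUnsafe` forwards ETH to a `feeRecipient` that was never assigned, and `FeeSinkSafe` shows the explicit initialization and zero-address check. Contract and variable names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the audited project). Names are hypothetical.

contract FeeSinkUnsafe {
    // Never assigned anywhere: reads as address(0).
    address payable private feeRecipient;
    uint256 private counter; // implicitly 0; harmless, but intent is not stated

    function collect() external payable {
        // A call to address(0) succeeds, so this silently burns msg.value.
        (bool ok, ) = feeRecipient.call{value: msg.value}("");
        require(ok, "transfer failed");
        counter++;
    }
}

contract FeeSinkSafe {
    // Set exactly once in the constructor and validated there.
    address payable private immutable feeRecipient;
    uint256 private counter = 0; // explicit initial value documents intent

    error ZeroAddress();

    constructor(address payable recipient) {
        if (recipient == address(0)) revert ZeroAddress();
        feeRecipient = recipient;
    }

    function collect() external payable {
        counter++;
        (bool ok, ) = feeRecipient.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}
```

Marking the recipient `immutable` makes the "was it ever set?" question answerable at deploy time: the constructor is the only place it can be written, so the zero-address check there covers every later read.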
`withdraw()` pays out to the caller without performing any check on `msg.sender`. Introduce checks for `msg.sender` in the function before ETH leaves the contract (for example, that the caller actually holds a pending balance and that the balance is cleared before the transfer).

1 found instance

- Found in src/AuctionContract.sol Line: 198: `function withdraw() public {`
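As an added example (not the audited contract's `withdraw()`, whose body is not shown in this report), here is a hypothetical unchecked withdraw next to a checked pull-payment version. The OpenZeppelin import path assumes Contracts v5 (in v4 the file lives under `security/`); `pendingReturns` and the error and event names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Added example, not code from the audited AuctionContract.

// Hypothetical "before": pays the caller with no check on msg.sender.
// A caller with nothing credited sends 0 wei, and because the balance is
// never cleared, a caller that does have one can call again and again and
// drain what other users are owed.
contract WithdrawUnchecked {
    mapping(address => uint256) public pendingReturns;

    function withdraw() public {
        payable(msg.sender).transfer(pendingReturns[msg.sender]);
    }
}

// "After": check the caller, clear the balance before the external call
// (checks-effects-interactions), use call instead of transfer so the
// recipient is not limited to the 2300 gas stipend, and guard reentrancy.
contract WithdrawChecked is ReentrancyGuard {
    mapping(address => uint256) public pendingReturns;

    error NothingToWithdraw(address caller);
    error EthTransferFailed(address to, uint256 amount);

    event Withdrawn(address indexed to, uint256 amount);

    // Demo credit path so the contract runs on its own; in an auction this
    // would be the refund credited to an outbid bidder.
    receive() external payable {
        pendingReturns[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = pendingReturns[msg.sender];
        if (amount == 0) revert NothingToWithdraw(msg.sender);

        pendingReturns[msg.sender] = 0; // effect before interaction

        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert EthTransferFailed(msg.sender, amount);

        emit Withdrawn(msg.sender, amount);
    }
}
```

The `nonReentrant` modifier is belt-and-braces here: zeroing `pendingReturns[msg.sender]` before the call already closes the reentrancy window, and the guard protects any other payable path that might be added later.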
Contracts have owners with privileged rights to perform admin tasks and must be trusted not to perform malicious updates or drain funds.
3 found instances

- Found in src/AuctionContract.sol Line: 12: `contract AuctionContract is Ownable, ReentrancyGuard, IERC721Receiver {`
- Found in src/SellerNft.sol Line: 10: `contract SellerNFT is ERC721, Ownable {`
- Found in src/SellerNft.sol Line: 22: `function approveToAuction(address auctionContract, uint256 tokenId) external onlyOwner{`
ERC20 functions may not behave as expected. For example, return values are not always meaningful: some tokens return `false` on failure instead of reverting, and others return nothing at all, so the result of a bare `transfer`/`transferFrom` cannot be trusted. It is recommended to use OpenZeppelin's SafeERC20 library.

2 found instances
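The two instances are not listed in this extract, so the following is an added, generic example rather than the audited code: a hypothetical payout function that ignores the ERC20 return value, the same function using SafeERC20, and two constructed token doubles (one returning `false`, one returning nothing) that show why the bare call is unreliable. Contract names are assumptions; the OpenZeppelin import paths are the real ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added example, not code from the audited contracts.

contract PayoutUnsafe {
    function payOut(IERC20 token, address to, uint256 amount) external {
        // If `token` returns false instead of reverting, this is a silent
        // no-op and the caller proceeds as if `amount` had been paid.
        // If `token` returns no data at all, ABI decoding of the bool reverts
        // and the token cannot be paid out through this path.
        token.transfer(to, amount);
    }
}

contract PayoutSafe {
    using SafeERC20 for IERC20;

    function payOut(IERC20 token, address to, uint256 amount) external {
        // Reverts on `false`, accepts a token that returns nothing, and
        // reverts if `token` is an address with no code.
        token.safeTransfer(to, amount);
    }
}

// Constructed test double: reports failure by returning false.
contract ReturnsFalseToken {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}

// Constructed test double: non-standard token that returns nothing
// (the pattern seen in some widely used mainnet tokens).
contract ReturnsNothingToken {
    mapping(address => uint256) public balanceOf;

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}
```

Run `PayoutUnsafe.payOut` against `ReturnsFalseToken` and it succeeds while moving nothing; run it against `ReturnsNothingToken` and it reverts even though the token transferred. `PayoutSafe.payOut` reverts in the first case and succeeds in the second, which is the behaviour the calling code actually wants.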
Instead of marking a function as `public`, consider marking it as `external` if it is not used internally.

5 found instances

- Found in src/AuctionContract.sol Line: 133: `function bid(`
- Found in src/AuctionContract.sol Line: 162: `function sellerEndAuction(uint256 auctionId) public nonReentrant {`
- Found in src/AuctionContract.sol Line: 186: `function getActiveAuctions() public view returns (uint256[] memory) {`
- Found in src/AuctionContract.sol Line: 198: `function withdraw() public {`
- Found in src/AuctionContract.sol Line: 210: `function onERC721Received(`
Indexed event fields are more quickly accessible to off-chain tools that parse events, because each indexed field becomes a log topic that can be filtered on. However, each indexed field costs extra gas during emission, so it is not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if it has three or more fields and gas usage is not a particular concern for that event. If it has fewer than three fields, all of them should be indexed.

4 found instances
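The two findings above (`public` vs `external`, and indexed event fields) are easiest to see side by side, so here is one added example that covers both. It is not the audited `AuctionContract`; the struct, events and function bodies are a hypothetical sketch that reuses the report's function names `bid` and `getActiveAuctions`, and the `isActive`/`endAuction` pair is there to show when `public` is the right choice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not code from the audited project. Names are hypothetical.
contract AuctionVisibilityDemo {
    struct Auction {
        address seller;
        address highestBidder;
        uint256 highestBid;
        bool open;
    }

    mapping(uint256 => Auction) private auctions;
    mapping(address => uint256) public pendingReturns;
    uint256[] private activeIds;
    uint256 private nextId;

    // Four fields: index the three an indexer filters on; keep the amount as data.
    event BidPlaced(
        uint256 indexed auctionId,
        address indexed bidder,
        address indexed previousBidder,
        uint256 amount
    );
    // Two fields: index both.
    event AuctionEnded(uint256 indexed auctionId, address indexed winner);

    // external: no internal caller.
    function createAuction() external returns (uint256 id) {
        id = nextId++;
        auctions[id] = Auction({seller: msg.sender, highestBidder: address(0), highestBid: 0, open: true});
        activeIds.push(id);
    }

    // external: nothing inside this contract calls bid().
    function bid(uint256 auctionId) external payable {
        Auction storage a = auctions[auctionId];
        require(a.open, "auction closed");
        require(msg.value > a.highestBid, "bid too low");

        address prev = a.highestBidder;
        if (prev != address(0)) {
            pendingReturns[prev] += a.highestBid; // pull-payment refund
        }
        a.highestBidder = msg.sender;
        a.highestBid = msg.value;

        emit BidPlaced(auctionId, msg.sender, prev, msg.value);
    }

    // external view: only off-chain callers read the whole list.
    function getActiveAuctions() external view returns (uint256[] memory) {
        return activeIds;
    }

    // public is correct here: endAuction() calls isActive() internally and
    // off-chain callers use it too. Marking it external would not compile.
    function isActive(uint256 auctionId) public view returns (bool) {
        return auctions[auctionId].open;
    }

    function endAuction(uint256 auctionId) external {
        require(isActive(auctionId), "not active");
        Auction storage a = auctions[auctionId];
        require(msg.sender == a.seller, "not seller");
        a.open = false;
        emit AuctionEnded(auctionId, a.highestBidder);
    }
}
```

The rule of thumb the finding encodes: a function called only from outside the contract should be `external`; one that also has an internal call site must stay `public` (an `external` function can only be reached internally through `this.f()`, which is a real external call and costs accordingly).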
Solc 0.8.20 switches the default target EVM version to Shanghai, which means the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version if you intend to deploy on a chain other than mainnet, such as L2 chains that may not support PUSH0; otherwise deployment of your contracts will fail.
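The `src/` layout suggests a Foundry project, so as an added example (not the project's own configuration) this is the `foundry.toml` setting that pins the target back to Paris, the last pre-Shanghai EVM version, so the compiler never emits PUSH0:

```toml
[profile.default]
src = "src"
solc_version = "0.8.20"
# Target Paris rather than the 0.8.20 default (Shanghai) so no PUSH0 (0x5f)
# is emitted; required for chains that have not adopted Shanghai.
evm_version = "paris"
```

The same setting can be passed on the command line with `forge build --evm-version paris`, or to the bare compiler with `solc --evm-version paris`. Whichever way it is set, check the compiled artifact for the `5f` byte before deploying to a chain whose PUSH0 support you have not confirmed.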