Multiversal Walkers Smart Contract Audit

The Multiversal Walkers team asked me to audit their contracts in preparation for their mint. I reviewed their contracts and published this audit with my findings.
This audit was performed on the CuzzoLabs/WalkersAudit GitHub repository. The repository version used for this audit was commit 1cea55314174a2d0e91b2a76564150944ee22694.
Scope
The scope of this audit is limited to the following files:
Documentation
The contents of this audit are based on the scope provided by the Multiversal Walkers team within their GitHub. In order to provide a quality report of the security and efficiency of their smart contract, I have studied their whitepaper extensively to get a feel for how their system is supposed to function.
Severity Level Reference
| Severity Level | Description |
|---|---|
| Critical | Findings marked with a critical severity tag must be fixed as soon as possible. These issues may break the contract altogether if not resolved. |
| High | Findings marked with a high severity tag should be fixed as soon as possible, because it is likely they will cause problems in production if left unresolved. |
| Medium | Findings marked with a medium severity tag should be fixed soon, but it is not extremely urgent. These issues have the potential to cause problems in production. |
| Low | Findings marked with a low severity tag can remain unfixed. These are unlikely to cause any problems in production, but resolving them could improve contract efficiency. |
Table of Contents
| Severity | Finding Title | Code Reference |
|---|---|---|
| (icon not captured) | Logic Inconsistency | FERC1155Distributor.sol L59 & FERC1155Distributor.sol L83 |
| (icon not captured) | Timestamp Dependence | FERC1155Distributor.sol L100 |
| (icon not captured) | Documentation Issues | Walkers.sol & FERC1155Distributor.sol |
| (icon not captured) | Lack of Event Emission | Walkers.sol & FERC1155Distributor.sol |
| (icon not captured) | Floating Pragma | Walkers.sol L2 & FERC1155Distributor.sol L2 |
Security Findings
Logic Inconsistency
Within Walkers.sol, the minting functions publicMint() and multilistMint() do not check whether the caller is an EOA, so both contracts and EOAs are allowed to mint Walkers. Within FERC1155Distributor.sol, however, there is a check that the caller is an EOA.
A user could therefore mint Walkers from a contract (such as a Gnosis wallet) and then be unable to claim their FERC1155 tokens from that same contract. Either publicMint() and multilistMint() should be updated to block non-EOA accounts from minting Walkers, or the check should be removed from FERC1155Distributor.sol.
Timestamp Dependence
Timestamps can be manipulated by the miner. It is generally safe to use block.timestamp, since Geth and Parity reject timestamps that are more than 15 seconds in the future.
Since Multiversal Walkers uses a 7-day timelock for claiming free FERC tokens, this shouldn't be a problem. However, if a miner does set the timestamp to a future date that affects the timelock, a user could potentially claim a token before the timelock is met.
As of commit a26b9988ea7c1a2b2c3f28260f2c1d886558f310, this issue has been addressed. Multiversal Walkers has opted to block all EOA accounts across all contracts.
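To illustrate the two findings above in code, the following is an added, hypothetical sketch written for this report; it is not the project's Walkers.sol or FERC1155Distributor.sol. It shows one EOA rule shared by the mint path and the claim path, so a minter can never end up unable to claim, and a claim timelock keyed on block.timestamp. The contract names, the assumption that the timelock counts from the mint timestamp, and the simplified ownership storage are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.10;

/// Hypothetical sketch for the audit report, not the audited contracts.
/// One shared EOA rule applied on both the mint and the claim side.
abstract contract EOAOnly {
    /// @dev Rejects calls that did not originate directly from an EOA.
    ///      This also rejects smart-contract wallets; the point of the finding is
    ///      that whichever choice is made, both contracts must make the same one.
    modifier onlyEOA() {
        require(msg.sender == tx.origin, "EOA only");
        _;
    }
}

contract WalkersSketch is EOAOnly {
    mapping(uint256 => address) public ownerOf;   // simplified ERC-721 ownership (assumed)
    mapping(uint256 => uint256) public mintedAt;  // tokenId => block.timestamp at mint (assumed)
    uint256 public nextId;

    /// @notice Mint `quantity` Walkers under the same EOA rule as the distributor.
    /// @param quantity The number of Walkers to mint.
    function publicMint(uint256 quantity) external payable onlyEOA {
        for (uint256 i = 0; i < quantity; i++) {
            uint256 id = nextId++;
            ownerOf[id] = msg.sender;
            mintedAt[id] = block.timestamp;
        }
    }
}

contract DistributorSketch is EOAOnly {
    uint256 public constant CLAIM_DELAY = 7 days; // the 7-day timelock from the finding
    WalkersSketch public immutable walkers;
    mapping(uint256 => bool) public claimed;

    constructor(WalkersSketch _walkers) {
        walkers = _walkers;
    }

    /// @notice Claim the free FERC1155 token for a Walker once the timelock has elapsed.
    /// @dev block.timestamp can be nudged by seconds at the block producer's discretion;
    ///      against a 7-day window that drift is negligible, which is why a day-scale
    ///      timelock on block.timestamp is acceptable here.
    /// @param tokenId The Walker whose free token is being claimed.
    function claim(uint256 tokenId) external onlyEOA {
        require(walkers.ownerOf(tokenId) == msg.sender, "not owner");
        require(!claimed[tokenId], "already claimed");
        require(block.timestamp >= walkers.mintedAt(tokenId) + CLAIM_DELAY, "timelock active");
        claimed[tokenId] = true;
        // ... mint or transfer the FERC1155 token to msg.sender here
    }
}
```

The design choice worth noting is that the EOA rule lives in a single base contract inherited by both sides; if the team later decides to allow contract wallets, removing the modifier in one place keeps mint and claim consistent.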
Best-practice Findings
Documentation Issues
Functions should be documented according to the NatSpec standard. In both Walkers.sol and FERC1155Distributor.sol, many functions are missing complete NatSpec documentation, or documentation altogether. All functions should include the @return and @param tags, where appropriate according to NatSpec. For example, the following function is missing the @param tag in Walkers.sol:

```solidity
/// @notice Function used to mint Walkers during the public mint.
/// @dev No explicit check of `quantity` is required as signatures are created ahead of time.
function publicMint(uint256 quantity, bytes calldata signature) external payable {
    ...
}
```

should become

```solidity
/// @notice Function used to mint Walkers during the public mint.
/// @dev No explicit check of `quantity` is required as signatures are created ahead of time.
/// @param quantity The number of Walkers to mint.
/// @param signature The signature, signed by _signer, used to validate the mint.
function publicMint(uint256 quantity, bytes calldata signature) external payable {
    ...
}
```

As of commit a26b9988ea7c1a2b2c3f28260f2c1d886558f310, this issue has been addressed.
Lack of Event Emission
The following functions do not emit events despite taking important action within the contract:
- setPublicTokens() in Walkers.sol
- setSaleState() in Walkers.sol & FERC1155Distributor.sol
- setSigner() in Walkers.sol & FERC1155Distributor.sol
- setBaseTokenURI() in Walkers.sol
Consider adding event emissions after these sensitive contract events take place. This is best-practice, and allows for off-chain analysis and tracking of the contract’s activity.
As of commit a26b9988ea7c1a2b2c3f28260f2c1d886558f310, this issue has been addressed. Owner interactions that modify the contract state are now emitted as events.
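The following is an added, hypothetical sketch written for this report, not the project's code, showing one way to emit an event from each of the owner-only setters listed above. Each event carries the previous and the new value so that an off-chain indexer can reconstruct the full history of the setting. The parameter types (a bool for the sale state, a uint256 for the public token count) and the minimal owner check are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.10;

/// Hypothetical sketch for the audit report, not the audited contracts.
contract OwnerSettersSketch {
    address public owner;
    address public signer;
    bool public saleActive;
    uint256 public publicTokens;
    string public baseTokenURI;

    // One event per sensitive setting; old and new values make off-chain tracking trivial.
    event SignerUpdated(address indexed previousSigner, address indexed newSigner);
    event SaleStateUpdated(bool previousState, bool newState);
    event PublicTokensUpdated(uint256 previousAmount, uint256 newAmount);
    event BaseTokenURIUpdated(string previousURI, string newURI);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// @notice Set the address whose signatures authorise mints.
    /// @param newSigner The new signer address.
    function setSigner(address newSigner) external onlyOwner {
        emit SignerUpdated(signer, newSigner);
        signer = newSigner;
    }

    /// @notice Open or close the sale.
    /// @param active True to open the sale, false to close it.
    function setSaleState(bool active) external onlyOwner {
        emit SaleStateUpdated(saleActive, active);
        saleActive = active;
    }

    /// @notice Set the number of tokens available in the public mint.
    /// @param amount The new public token count.
    function setPublicTokens(uint256 amount) external onlyOwner {
        emit PublicTokensUpdated(publicTokens, amount);
        publicTokens = amount;
    }

    /// @notice Set the base URI used to build token metadata URIs.
    /// @param uri The new base URI.
    function setBaseTokenURI(string calldata uri) external onlyOwner {
        emit BaseTokenURIUpdated(baseTokenURI, uri);
        baseTokenURI = uri;
    }
}
```

Emitting the event before overwriting storage is what lets the old value be included without an extra local variable; indexing the address parameters allows filters such as "every time the signer changed to X".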
Floating Pragma
Contracts should be deployed using the exact compiler version that they have been tested the most with, in order to prevent them being deployed with a compiler version that may have undiscovered bugs or vulnerabilities. This is best practice when deploying contracts.
In this case, change `^0.8.10` to `0.8.10` in both Walkers.sol and FERC1155Distributor.sol.
As of commit a26b9988ea7c1a2b2c3f28260f2c1d886558f310, this issue has been addressed.
Conclusion
A total of five issues & recommendations were found within the contracts in scope, one of which was of high severity. The remaining four issues were either of low severity or were recommendations in order to adhere to Solidity best practice.
Note that as of the date of publishing, the contents of this document reflect my current understanding of known security patterns regarding smart contract security. The findings of this audit should not be considered to be exhaustive, and there may still be issues within the contract itself. This audit is not a guarantee of security. I take no responsibility for future contract security, and only act as a third-party auditor.

