Catalyst audit: M-01 missing overflow check from tryMul function. #1104

Merged
Changes from 4 commits
dd585e4
feat : added overflow require check
Aug 24, 2023
34aa81d
fix : fixed format
Aug 25, 2023
759e7ec
feat: added overflow erc20 contract
Aug 28, 2023
67b6b46
feat: added overflow test case
Aug 28, 2023
Expand Up @@ -158,6 +158,7 @@ contract RoyaltySplitter is
Recipient memory recipient = _recipients[i];
bool success;
(success, amountToSend) = balance.tryMul(recipient.bps);
require(success, "RoyaltySplitter: Multiplication Overflow");

amountToSend /= TOTAL_BASIS_POINTS;
totalSent += amountToSend;
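
Review bot: The `require(success, "RoyaltySplitter: Multiplication Overflow")` after `balance.tryMul(recipient.bps)` runs once per `_recipients[i]`, so a single overflowing product reverts the whole split, and the visible lines do not document that behaviour. SafeMath's `tryMul` returns `(false, 0)` on overflow, so failing closed here is preferable to continuing with `amountToSend` at 0. Add a NatSpec `@dev` line on the enclosing function that names this revert reason and the condition that triggers it (the token balance multiplied by a recipient's bps exceeding uint256).
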
@@ -0,0 +1,15 @@
// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity ^0.8.0;

contract OverflowTestERC20 {
uint256 constant MAX_BALANCE = 115792089237316195423570985008687907853269984665640564039457584007913129639935;
mapping(address => uint256) private balances;

function mintMax(address account) external {
balances[account] = MAX_BALANCE;
}

function balanceOf(address _account) external view returns (uint256) {
return balances[_account];
}
}
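
Review bot: `MAX_BALANCE` is written as a 78-digit decimal literal that a reader cannot verify by eye; replace it with `type(uint256).max`, which is the same value and is available under this file's `pragma solidity ^0.8.0`. Parameter naming is also inconsistent (`account` in `mintMax`, `_account` in `balanceOf`), and because `mintMax` is callable by anyone, the contract should carry a one-line NatSpec comment stating that it is a test-only mock.
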
Expand Up @@ -1934,6 +1934,43 @@ describe('Royalty', function () {
)
).to.be.revertedWith('Manager: No splitter deployed for the creator');
});

it('should revert on for overflow for try mul in splitter contract', async function () {
const {
ERC1155,
deployer,
seller,
royaltyReceiver,
RoyaltyManagerContract,
} = await royaltyDistribution();
await ERC1155.connect(deployer).mint(
seller.address,
1,
1,
royaltyReceiver.address,
'0x'
);
const TestERC20Factory = await ethers.getContractFactory(
'OverflowTestERC20'
);
const OverflowERC20 = await TestERC20Factory.deploy();

const splitter = await RoyaltyManagerContract._creatorRoyaltiesSplitter(
deployer.address
);

const splitterContract = await ethers.getContractAt(
splitterAbi,
splitter
);

await OverflowERC20.mintMax(splitter);
await expect(
splitterContract
.connect(royaltyReceiver)
.splitERC20Tokens(OverflowERC20.address)
).to.be.revertedWith('RoyaltySplitter: Multiplication Overflow');
});
});

describe('Interfaces', function () {
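
Review bot: The new test only exercises `OverflowERC20.mintMax(splitter)`, the uint256 maximum, so it confirms the revert string but does not pin where the overflow boundary is. Give the mock a settable balance and add a case with a large balance whose product with the recipient bps still fits in uint256, asserting that `splitERC20Tokens` does not revert with 'RoyaltySplitter: Multiplication Overflow'. The `ERC1155.connect(deployer).mint(...)` step has no comment explaining why the overflow check depends on it, and the title 'should revert on for overflow for try mul in splitter contract' has a stray "on for" that should be cleaned up.
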