Contract Audit

Contract name: Affiliate


Contract address:
https://polygonscan.com/address/0x2f26b3c3177be1df032c65b9e5a1a716c64333ae

Contract details
Number of lines: 173 (+ 189 in dependencies)

Number of assembly lines:

Number of contracts: 1 (+ 3 in dependencies)

Number of optimization issues:

Number of informational issues: 3

Number of low issues:

Number of medium issues:

Number of high issues:

Issue

[unchecked-transfer] (2 results) (High)

[reentrancy-no-eth] (5 results) (Medium)

[tautology] (2 results) (Medium)

[reentrancy-events] (2 results) (Low)

[timestamp] (2 results) (Low)

[pragma] (1 results) (Informational)

[solc-version] (5 results) (Informational)

[naming-convention] (29 results) (Informational)


Recommendations

Use the ReentrancyGuard library to prevent reentrancy vulnerabilities in addBudget(), createOffer(), withdrawBudget(), withdrawFee(), withdrawProfit()

Fix tautologies/contradictions in requirements (#104, #131)

Use a current Solidity version

Fix naming issues (case, tautologies, etc.)

Detailed issues:

## unchecked-transfer

Impact: High

Confidence: Medium

[Affiliate.withdrawERC20Tokens(address,address,uint256)](contracts/Affiliate.sol#L50-L53) ignores return value by [tkn.transfer(_wallet,_amount)](contracts/Affiliate.sol#L52)

[Affiliate.getERC20Tokens(address,uint256)](contracts/Affiliate.sol#L45-L48) ignores return value by [tkn.transferFrom(msg.sender,address(this),_amount)](contracts/Affiliate.sol#L47)

## reentrancy-no-eth

Impact: Medium

Confidence: Medium

Reentrancy in [Affiliate.withdrawProfit(string,uint256)](contracts/Affiliate.sol#L156-L172):

External calls:

- [withdrawERC20Tokens(msg.sender,offers[_offerId].token,_amount)](contracts/Affiliate.sol#L167)

- [tkn.transfer(_wallet,_amount)](contracts/Affiliate.sol#L52)

State variables written after the call(s):

- [profit[_offerId][msg.sender].balance -= _amount](contracts/Affiliate.sol#L169)

Reentrancy in [Affiliate.addBudget(string,uint256)](contracts/Affiliate.sol#L77-L84):

External calls:

- [getERC20Tokens(offers[_offerId].token,_amount)](contracts/Affiliate.sol#L80)

- [tkn.transferFrom(msg.sender,address(this),_amount)](contracts/Affiliate.sol#L47)

State variables written after the call(s):

- [offers[_offerId].budget += _amount](contracts/Affiliate.sol#L82)

- [offers[_offerId].balance += _amount](contracts/Affiliate.sol#L83)

Reentrancy in [Affiliate.createOffer(string,address,uint256,uint256)](contracts/Affiliate.sol#L55-L75):

External calls:

- [getERC20Tokens(_token,_amount)](contracts/Affiliate.sol#L71)

- [tkn.transferFrom(msg.sender,address(this),_amount)](contracts/Affiliate.sol#L47)

State variables written after the call(s):

- [offers[_offerId] = newOffer](contracts/Affiliate.sol#L72)

Reentrancy in [Affiliate.withdrawBudget(string,uint256,address)](contracts/Affiliate.sol#L86-L100):

External calls:

- [withdrawERC20Tokens(_wallet,offers[_offerId].token,_amount)](contracts/Affiliate.sol#L97)

- [tkn.transfer(_wallet,_amount)](contracts/Affiliate.sol#L52)

State variables written after the call(s):

- [offers[_offerId].withdrawable -= _amount](contracts/Affiliate.sol#L99)

Reentrancy in [Affiliate.withdrawFee(address,address,uint256)](contracts/Affiliate.sol#L120-L126):

External calls:

- [withdrawERC20Tokens(_wallet,_token,_amount)](contracts/Affiliate.sol#L123)

- [tkn.transfer(_wallet,_amount)](contracts/Affiliate.sol#L52)

State variables written after the call(s):

- [projectFee[_token] -= _amount](contracts/Affiliate.sol#L125)

## tautology

Impact: Medium

Confidence: High

[Affiliate.closeOffer(string,uint256,uint256)](contracts/Affiliate.sol#L102-L114) contains a tautology or contradiction:

- [require(bool,string)(_percent >= 0 && _percent <= 100,Wrong percentage)](contracts/Affiliate.sol#L104)

[Affiliate.addProfit(string,address,uint256,uint256)](contracts/Affiliate.sol#L128-L154) contains a tautology or contradiction:

- [require(bool,string)(_fee >= 0 && _fee <= 100,Wrong Fee)](contracts/Affiliate.sol#L131)

## reentrancy-events

Impact: Low

Confidence: Medium

Reentrancy in [Affiliate.createOffer(string,address,uint256,uint256)](contracts/Affiliate.sol#L55-L75):

External calls:

- [getERC20Tokens(_token,_amount)](contracts/Affiliate.sol#L71)

- [tkn.transferFrom(msg.sender,address(this),_amount)](contracts/Affiliate.sol#L47)

Event emitted after the call(s):

- [CreateOffer(_offerId)](contracts/Affiliate.sol#L74)

Reentrancy in [Affiliate.withdrawProfit(string,uint256)](contracts/Affiliate.sol#L156-L172):

External calls:

- [withdrawERC20Tokens(msg.sender,offers[_offerId].token,_amount)](contracts/Affiliate.sol#L167)

- [tkn.transfer(_wallet,_amount)](contracts/Affiliate.sol#L52)

Event emitted after the call(s):

- [WithdrawProfit(_offerId,msg.sender,_amount)](contracts/Affiliate.sol#L171)

## timestamp

Impact: Low

Confidence: Medium

[Affiliate.withdrawProfit(string,uint256)](contracts/Affiliate.sol#L156-L172) uses timestamp for comparisons

Dangerous comparisons:

- [require(bool,string)(block.timestamp >= endVestingDate,Vesting hasn't ended)](contracts/Affiliate.sol#L164)

[Affiliate.withdrawBudget(string,uint256,address)](contracts/Affiliate.sol#L86-L100) uses timestamp for comparisons

Dangerous comparisons:

- [block.timestamp > offers[_offerId].closedAfter](contracts/Affiliate.sol#L90)

## pragma

Impact: Informational

Confidence: High

Different versions of Solidity are used:

- Version used: ['^0.8.0', '^0.8.7']

- [^0.8.0](node_modules/@openzeppelin/contracts/access/Ownable.sol#L4)

- [^0.8.0](node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#L4)

- [^0.8.0](node_modules/@openzeppelin/contracts/utils/Context.sol#L4)

- [^0.8.7](contracts/Affiliate.sol#L2)

## solc-version

Impact: Informational

Confidence: High

Pragma version[^0.8.0](node_modules/@openzeppelin/contracts/utils/Context.sol#L4) allows old versions

Pragma version[^0.8.7](contracts/Affiliate.sol#L2) allows old versions

solc-0.8.7 is not recommended for deployment

Pragma version[^0.8.0](node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#L4) allows old versions

Pragma version[^0.8.0](node_modules/@openzeppelin/contracts/access/Ownable.sol#L4) allows old versions


## naming-convention

Impact: Informational

Confidence: High

Parameter [Affiliate.addProfit(string,address,uint256,uint256)._wallet](contracts/Affiliate.sol#L128) is not in mixedCase

Parameter [Affiliate.closeOffer(string,uint256,uint256)._offerId](contracts/Affiliate.sol#L102) is not in mixedCase

Parameter [Affiliate.withdrawBudget(string,uint256,address)._offerId](contracts/Affiliate.sol#L86) is not in mixedCase

Parameter [Affiliate.getFee(address)._token](contracts/Affiliate.sol#L116) is not in mixedCase

Parameter [Affiliate.closeOffer(string,uint256,uint256)._date](contracts/Affiliate.sol#L102) is not in mixedCase

Parameter [Affiliate.getERC20Tokens(address,uint256)._amount](contracts/Affiliate.sol#L45) is not in mixedCase

Parameter [Affiliate.withdrawERC20Tokens(address,address,uint256)._amount](contracts/Affiliate.sol#L50) is not in mixedCase

Parameter [Affiliate.closeOffer(string,uint256,uint256)._percent](contracts/Affiliate.sol#L102) is not in mixedCase

Parameter [Affiliate.addBudget(string,uint256)._amount](contracts/Affiliate.sol#L77) is not in mixedCase

Parameter [Affiliate.switchBlacklistedStatus(string,address)._wallet](contracts/Affiliate.sol#L41) is not in mixedCase

Parameter [Affiliate.switchBlacklistedStatus(string,address)._offerId](contracts/Affiliate.sol#L41) is not in mixedCase

Parameter [Affiliate.addProfit(string,address,uint256,uint256)._amount](contracts/Affiliate.sol#L128) is not in mixedCase

Parameter [Affiliate.withdrawFee(address,address,uint256)._token](contracts/Affiliate.sol#L120) is not in mixedCase

Parameter [Affiliate.getERC20Tokens(address,uint256)._token](contracts/Affiliate.sol#L45) is not in mixedCase

Parameter [Affiliate.withdrawBudget(string,uint256,address)._wallet](contracts/Affiliate.sol#L86) is not in mixedCase

Parameter [Affiliate.createOffer(string,address,uint256,uint256)._token](contracts/Affiliate.sol#L55) is not in mixedCase

Parameter [Affiliate.addProfit(string,address,uint256,uint256)._offerId](contracts/Affiliate.sol#L128) is not in mixedCase

Parameter [Affiliate.addProfit(string,address,uint256,uint256)._fee](contracts/Affiliate.sol#L128) is not in mixedCase

Parameter [Affiliate.withdrawERC20Tokens(address,address,uint256)._token](contracts/Affiliate.sol#L50) is not in mixedCase

Parameter [Affiliate.createOffer(string,address,uint256,uint256)._offerId](contracts/Affiliate.sol#L55) is not in mixedCase

Parameter [Affiliate.withdrawFee(address,address,uint256)._wallet](contracts/Affiliate.sol#L120) is not in mixedCase

Parameter [Affiliate.withdrawERC20Tokens(address,address,uint256)._wallet](contracts/Affiliate.sol#L50) is not in mixedCase

Parameter [Affiliate.withdrawProfit(string,uint256)._offerId](contracts/Affiliate.sol#L156) is not in mixedCase

Parameter [Affiliate.addBudget(string,uint256)._offerId](contracts/Affiliate.sol#L77) is not in mixedCase

Parameter [Affiliate.withdrawBudget(string,uint256,address)._amount](contracts/Affiliate.sol#L86) is not in mixedCase

Parameter [Affiliate.withdrawProfit(string,uint256)._amount](contracts/Affiliate.sol#L156) is not in mixedCase

Parameter [Affiliate.createOffer(string,address,uint256,uint256)._amount](contracts/Affiliate.sol#L55) is not in mixedCase

Parameter [Affiliate.createOffer(string,address,uint256,uint256)._vesting](contracts/Affiliate.sol#L55) is not in mixedCase

Parameter [Affiliate.withdrawFee(address,address,uint256)._amount](contracts/Affiliate.sol#L120) is not in mixedCase
