NFTonPulse

Off-Chain (Private)

Audited on 2023/08/15

No active critical issues

Summary

The NFTonPulse contracts provide a decentralized auction house for NFTs that allows users to put their NFTs on auction, bid on an ongoing auction, or post an offer for an NFT. The protocol allows users to list and offer NFTs in exchange for either the blockchain's native assets or ERC20 tokens as well as allowing the listing of both ERC721 and ERC1155 NFTs. Furthermore, the protocol allows users to mint vouchers that can be later redeemed for ERC721 or ERC1155 tokens. The most significant issues found in this audit involved possibly receiving NFTs without payment (NFT-1), a replay attack (NFT-2), as well as a way for a malicious actor to launch a DoS attack on an auction (NFT-3). Overall, the documentation is of high quality, the tests are robust, and the code is well-written and clear. UPDATE: The NFTonPulse team has fixed the vast majority of our issues and acknowledged or mitigated the rest of them.

Project

NFTonPulse

Ethereum

Issues (25)

	Low	Medium	High	Critical	Total
Not fixed	5	3	1	-	9
Fixed	12	3	1	-	16
Total	17	6	2	0	25

NFTonPulse

Summary

Issues (25)

DoS Vulnerabilitynot_fixed/high

It Is Possible to Cross the `lazyMint` Thresholdnot_fixed/medium

Mechanism to Prevent Owner From Bidding in Their Own Auction Can Be Easily Bypassednot_fixed/medium

Vouchers Can Be Frontrunnot_fixed/medium

Mistaken Bids Can Be Immediately Acceptednot_fixed/low

Contract (1)