QA Report

[c4-submissions]

See the markdown file with the details of this report here.

[c4-pre-sort]

141345 marked the issue as high quality report

[141345]

747 The_Kakers
l r nc
6 3 3

d L-1 NextGenRandomizerVRF randomizer uses Goerli keyHash dup of #1611
l L-2 fulfillRandomWords sets the token hash as the first fulfilled random number instead of calculating a hash
n L-3 Insufficient pseudo-randomness is masked under over-complicated implementation
d L-4 requestRandomWords() is marked as payable in NextGenRandomizerRNG but it can't be called with value dup of https://github.-423n4/2023-10-nextgen-findings/issues/998
d L-5 getWord() returns the same word for different ids dup of #508
d L-6 Predictable pseudo-random values should be proposed by trusted roles dup of https://github.com/code-423n4/nextgen-findings/issues/163
d L-7 returnHighestBidder() doesn't update the highBid attribute on its calculation dup of https://github.com/code-423n4/nextgen-findings/issues/586
d L-8 Auction participants will have their funds locked until NFT is claimed dup of https://github.com/code-423n4/nextgen-findings/issues/362
d L-9 Airdropped minted tokens for auctions should be transfered to a escrow contract dup of https://github.com/code-423n4/nextgen-findings/issues/364
d L-10 The receiver of the funds from claimAuction() should be moved to another function dup of https://github.com/n4/2023-10-nextgen-findings/issues/486
n L-11 Use supportsInterface() from EIP-165 instead of custom-made checks
d L-12 supportsInterface() is incorrectly implemented on NextGenCore dup of https://github.com/code-423n4/nextgen-findings/issues/1310
r L-13 tokenId JavaScript variable in generative scripts should be quoted
l L-14 Collection scripts with indexes 999 and 1000 can't be updated
r L-15 It is not possible to add or remove generative scripts
d L-16 Malicious scripts can be injected on the generative scripts via the token dup of https://github.com/code-423n4/nextgen-findings/issues/1284
l L-17 burnToMint() does not check that minting costs were set
d L-18 Merkle nodes can have 64 bytes length, making internal nodes be reinterpreted as leaf values dup of https://github.-423n4/2023-10-nextgen-findings/issues/1818
l L-19 Merkle proofs from burnOrSwapExternalToMint() could be used in mint() and vicevsersa
r L-20 Lack of check for empty artist signature
l L-21 Artist can't propose new addresses and percentages
d L-22 acceptAddressesAndPercentages() can be frontrunned by artists to change settings dup of https://github.com/n4/2023-10-nextgen-findings/issues/1126
l L-23 acceptAddressesAndPercentages() can approve addresses and percentages that have not been set
n NC-1 Unnecessary address payable conversions

[c4-sponsor]

a2rocket (sponsor) confirmed

[alex-ppg]

QA Judgment

The Warden's QA report has been graded A based on a score of 66 combined with a manual review per the relevant QA guideline document located here.

The Warden's submission's score was assessed based on the following accepted findings:

Low-Risk

• L-2: Randomizers will not produce a valid hash value #1688
• L-5: getWord in XRandom.sol, produces inconsistent output #1008
• L-18: IN THE MinterContract.mint FUNCTION, THE MERKLE LEAF VALUES FOR THE WHITELIST MINTING (VIA MERKLE ROOT VERIFICATION) CAN BE 64 BYTES LONG BEFORE HASHING WHICH CAN LEAD TO HASH COLLISIONS WITH THE INTERNAL NODES OF THE MERKLE TREE  #1818
• L-19: Tokens can be minted with invalid data in MinterContract::burnOrSwapExternalToMint #371
• L-20

Non-Critical

• L-1: The RandomizerVRF uses a keyHash specific to the Goerli test network, not the Ethereum Mainnet. #1611
• L-8
• L-12: The NextGenCore.sol contract is not ERC721 compliant #1310
• L-14: The length of collectionScripts should be limited. #179
• L-22

Informational

• NC-1

[c4-judge]

alex-ppg marked the issue as grade-a

[c4-judge]

alex-ppg marked the issue as selected for report

[alex-ppg]

As this report has been selected as the best, I will provide additional feedback on the points that were not credited in the original assessment above:

• L-3: Desirable Trait of the Protocol, Suitable Criticism for Analysis Submissions
• L-4: Could be Argued as Deliberate Optimization
• L-6: Desirable Trait of the Protocol, Suitable Criticism for Analysis Submissions
• L-7: Inconsequential & Gas Increase
• L-9: Desirable Trait of the Protocol, Suitable Criticism for Analysis Submissions
• L-10: Desirable Trait of the Protocol
• L-11: Preference
• L-13: Incorrect per Relevant Line
• L-15: Informational (Uncredited)
• L-16: Out-of-Scope
• L-17: Invalid per MinterContract.burnToMint FUNCTION DOES NOT CHECK WHETHER setMintingCosts IS SET FOR A SPECIFIC _mintCollectionID THUS ALLOWING FREE MINTS USING THE burnToMint FUNCTION #1866
• L-21: Desirable Trait of the Protocol
• L-23: Desirable Trait of the Protocol

[thebrittfactor]

Just a note that C4 is excluding the invalid and out of scope entries from the official report.