Zellic - Audit Reports

Function: `secondarySale(SecondarySaleVoucher calldata voucher, bytes calldata signature)`

This function fulfills secondary sale orders by transferring NFTs from sellers to buyer, distributing payments to sellers with fee deduction, and transferring fees to the treasury. It supports batch transfers of multiple NFTs in a single transaction.

Inputs

voucher.buyer
- Control: Full.
- Constraints: Must match msg.sender (checked via _verifyBuyerMatchesSender()).
- Impact: Ensures only the designated buyer can execute the secondary sale, preventing unauthorized purchase execution.
voucher.amount
- Control: Full.
- Constraints: Must match msg.value and the sum of all name prices.
- Impact: Ensures total payment matches the voucher specification and prevents underpayment or overpayment attacks.
voucher.voucherExpiration
- Control: Full.
- Constraints: Must be greater than the current block timestamp (checked via _verifyNotExpiredVoucher()).
- Impact: Prevents execution of expired vouchers, ensuring time-sensitive sale conditions.
voucher.paymentId
- Control: Full.
- Constraints: Must be unique and not previously used (checked via usedPaymentIdHashes mapping).
- Impact: Prevents replay attacks by ensuring each sale voucher can only be used once.
voucher.orderId
- Control: Full.
- Constraints: Included in the signature hash but no direct validation.
- Impact: Links sale to specific order for off-chain tracking and verification.
voucher.names
- Control: Full.
- Constraints: Total names.price sum must match voucher.amount.
- Impact: Array of NFT transfer information including registry, tokenId, owner, and price for each NFT.
signature.
- Control: Full.
- Constraints: ECDSA signature verification via _verifySignature() to ensure voucher was signed by an authorized signer.
- Impact: Ensures voucher authenticity and prevents unauthorized voucher creation.

Branches and code coverage (including function calls)

Intended branches

Valid secondary sale with multiple NFTs successfully transfers tokens.

Fee calculation and distribution to the treasury works correctly.

Seller payments after fee deduction are transferred successfully.

ETH transfer to sellers via name.owner.call{value: sellerProfit}("") succeeds for each NFT.

NFT transfer via name.registry.safeTransferFrom() successfully transfers ownership to buyer.

Fee transfer to treasury via _treasury.call{value: totalFee}("") succeeds.

Negative behavior

Expired voucher (voucherExpiration < block.timestamp) causes SignatureExpired revert.

Invalid signature verification causes InvalidSigner revert.

Reused paymentId causes InvalidPaymentId revert.

Zero treasury address causes ZeroAddressTreasury revert.

Buyer mismatch (msg.sender != voucher.buyer) causes InvalidSender revert.

Payment amount mismatch (msg.value != voucher.amount) causes InvalidDeposit revert.

Total names price mismatch (totalAmount != voucher.amount) causes InvalidPaymentAmount revert.

Failed ETH transfer to seller causes TransferFailed revert.

Failed NFT transfer causes revert in safeTransferFrom.

Failed fee transfer to treasury causes TransferFailed revert.

Function: secondarySale(SecondarySaleVoucher calldata voucher, bytes calldata signature)

Inputs

Branches and code coverage (including function calls)

Function: `secondarySale(SecondarySaleVoucher calldata voucher, bytes calldata signature)`