Assessment reportsPublic findings
Back to Zellic site
Assessment reports>MightyNetERC1155Claimer>Threat Models>claim
GeneralOverview
Findings
High (1)
Medium (2)
DiscussionUnnecessary modifier
Threat ModelsWhat are threat models?
MightyNetERC1155Claimer.solamountClaimableclaim
Audit ResultsSummary

Function: claim(byte[32][] merkleProof)

The function used by users to claim their mnERC1155 tokens.

Inputs

  • merkleProof

    • Control: Fully controlled.

    • Constraints: Should be a valid Merkle proofs array.

    • Impact: Used to determine the amount of tokens to mint for the user, if the proofs are valid.

Branches and code coverage (including function calls)

Intended branches

  • Users should be able to claim if the correct proof is provided.

Negative behavior

  • Users cannot claim multiple times.

  • Revert if user is not whitelisted.

Function call analysis

  • claim -> mnERC1155.mint(msg.sender, tokenId, toMint + 1)

    • What is controllable? msg.sender.

    • If return value controllable, how is it used and how can it go wrong? N/A, no return value.

    • What happens if it reverts, reenters, or does other unusual control flow? If the mint call reverts, the entire function would revert. Check-effects-interactions along with nonReentrant modifier is implemented correctly, so reentrancy is not an issue.

Zellic © 2024Back to top ↑