Cross Mint NFT Implementation Security Audit

We were tasked with auditing the codebase of Hot Cross and in particular their NFT contract factory and minter. We were able to identify a major issue in the way the permission structure of the contracts is laid out that we have delved deeper into in the manual review chapter of this audit.

Additionally, although they are not malicious multiple re-entrancies were observed in the codebase due to the fee mechanisms using native currency with a refund as well as the way minting of an ERC1155 operates. We strongly recommend the contract to adopt the nonReentrant modifier as other contracts developed around the Hot Cross ecosystem may face difficulties due to the lack of this type of protection.

Overall, the codebase has been coded to a high standard and is well documented in all contracts.

During the audit, we filtered and validated a total of 7 findings utilizing static analysis tools as well as identified a total of 11 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

• 💻 Compilation
• 🔍 Static Analysis
• 👁️ Manual Review
• 🖋️ Code Style