Omniscia MetaSoccer Audit

MetaSoccerPlayers Manual Review Findings

MSP-01M: Inexistent Validation of Yielded ID

Description:

The mintPlayer function does not validate the _tokenId returned by getPlayerId.

Example:

contracts/MetaSoccerPlayers.sol
// Minting should be called by external contract/account with minter role
function mintPlayer(address _owner, uint256 _minterType, uint256 _minterId) external onlyRole(MINTER_ROLE) nonReentrant returns (uint256) {
    require(_owner != address(0), "Invalid owner address");

    uint256 _tokenId = idGenerator.getPlayerId(_minterType, _minterId, totalSupply());
    tokenGenerator[_tokenId][0] = _minterType;
    tokenGenerator[_tokenId][1] = _minterId;

    _safeMint(_owner, _tokenId);
    return _tokenId;
}

Recommendation:

We advise validating the yielded ID by at least ensuring that no token already exists with the specified ID, and potentially by requiring it to equal the current total supply, which would indicate an incrementing ID system.

Alleviation:

The code now properly evaluates that the ID yielded does not already exist. The MetaSoccer team additionally stated that the IDs yielded may not always be incremental, thus rendering our second suggestion null. As a result, we consider this exhibit adequately dealt with.
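
The existence check described in the recommendation and alleviation, sketched as an added example; it is not the MetaSoccer team's actual fix. It assumes OpenZeppelin Contracts 4.x (where `_exists` is available), and `IPlayerIdGenerator` and `PlayersSketch` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x (ERC721._exists is available there).
import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical interface: only the call shape comes from the audited snippet.
interface IPlayerIdGenerator {
    function getPlayerId(uint256 minterType, uint256 minterId, uint256 supply) external returns (uint256);
}

// Hypothetical stand-in contract, not the MetaSoccer source.
contract PlayersSketch is ERC721Enumerable, AccessControl, ReentrancyGuard {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    IPlayerIdGenerator public idGenerator;
    mapping(uint256 => uint256[2]) public tokenGenerator;

    constructor(IPlayerIdGenerator _idGenerator) ERC721("Players Sketch", "PSK") {
        idGenerator = _idGenerator;
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    function mintPlayer(address _owner, uint256 _minterType, uint256 _minterId)
        external onlyRole(MINTER_ROLE) nonReentrant returns (uint256)
    {
        require(_owner != address(0), "Invalid owner address");

        uint256 _tokenId = idGenerator.getPlayerId(_minterType, _minterId, totalSupply());

        // Treat the generator's output as untrusted: reject an ID that is already
        // minted before writing any storage keyed by it. No equality check against
        // totalSupply() is made, because IDs are stated to be possibly non-incremental.
        require(!_exists(_tokenId), "Token already exists");

        tokenGenerator[_tokenId][0] = _minterType;
        tokenGenerator[_tokenId][1] = _minterId;

        _safeMint(_owner, _tokenId);
        return _tokenId;
    }

    function supportsInterface(bytes4 interfaceId)
        public view override(ERC721Enumerable, AccessControl) returns (bool)
    {
        return super.supportsInterface(interfaceId);
    }
}
```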