Omniscia Nevermined Audit
DIDRegistry Manual Review Findings
DIDRegistry Manual Review Findings
DIR-01M: Provenance Out of Sync
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Medium | DIDRegistry.sol:L119-L140 |
Description:
The super.used call that registers the provenance will not be reflected in the blockchain during the EIP-1155 callback of _mint thereby misbehaving.
Example:
119function mint(120 bytes32 _did,121 uint256 _amount122)123public124onlyDIDOwner(_did)125nftIsInitialized(_did)126{127 if (didRegisterList.didRegisters[_did].mintCap > 0) {128 require(129 didRegisterList.didRegisters[_did].nftSupply + _amount <= didRegisterList.didRegisters[_did].mintCap,130 'Cap exceeded'131 );132 }133 134 didRegisterList.didRegisters[_did].nftSupply = didRegisterList.didRegisters[_did].nftSupply.add(_amount);135 super._mint(msg.sender, uint256(_did), _amount, '');136 137 super.used(138 keccak256(abi.encodePacked(_did, msg.sender, 'mint', _amount, block.number)),139 _did, msg.sender, keccak256('mint'), '', 'mint');140}Recommendation:
We advise the used call to be performed prior to the minting of the NFT to ensure that the Checks-Effects-Interactions pattern is conformed to.
Alleviation:
The statements were properly reordered to first perform the used call before minting the NFT.
DIR-02M: Ineffectual Cap Validation
| Type | Severity | Location |
|---|---|---|
| Mathematical Operations | Minor | DIDRegistry.sol:L128-L131 |
Description:
The minting cap validation performs an unsafe addition that can render the check useless.
Example:
119function mint(120 bytes32 _did,121 uint256 _amount122)123public124onlyDIDOwner(_did)125nftIsInitialized(_did)126{127 if (didRegisterList.didRegisters[_did].mintCap > 0) {128 require(129 didRegisterList.didRegisters[_did].nftSupply + _amount <= didRegisterList.didRegisters[_did].mintCap,130 'Cap exceeded'131 );132 }133 134 didRegisterList.didRegisters[_did].nftSupply = didRegisterList.didRegisters[_did].nftSupply.add(_amount);135 super._mint(msg.sender, uint256(_did), _amount, '');136 137 super.used(138 keccak256(abi.encodePacked(_did, msg.sender, 'mint', _amount, block.number)),139 _did, msg.sender, keccak256('mint'), '', 'mint');140}Recommendation:
Although the check can be bypassed, the SafeMath addition of the nftSupply will cause the function to revert for an unrelated reason. We recommend a SafeMath addition to be utilized in the require check instead and be omitted from the nftSupply assignment if the gas optimization is desirable.
Alleviation:
The SafeMath addition was included in the require check to ensure that an overflow does not bypass the require check. We still recommend the SafeMath addition at L134 to now be omitted as it has already been safely performed in the require check and thus is not needed.