Omniscia Box Fun Audit
Unboxed Code Style Findings
UDE-01C: Inefficient Usage of Access Control
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | Unboxed.sol:L9, L25, L49 |
Description:
The AccessControl dependency used by the Unboxed implementation is needlessly complex: the system only supports the administrator role (DEFAULT_ADMIN_ROLE), and a single function is access-controlled through it.
Example:
contracts/Unboxed.sol
```solidity
constructor(
    string memory _name,
    string memory _symbol,
    string memory _standardBaseURI,
    string memory _goldBaseURI
) ERC721(_name, _symbol) {
    _grantRole(DEFAULT_ADMIN_ROLE, msg.sender); // L25

    standardBaseURI = _standardBaseURI;
    goldBaseURI = _goldBaseURI;
}

/// @dev called by the Boxed NFT contract upon burn
function mint(address _to, uint256 _tokenId, bool _isGold) external {
    require(msg.sender == unboxer, "Invalid caller");

    isGold[_tokenId] = _isGold;

    _safeMint(_to, _tokenId);
}

function tokenURI(uint256 _tokenId) public view override returns (string memory) {
    _requireOwned(_tokenId);

    string memory baseURI = isGold[_tokenId] ? goldBaseURI : standardBaseURI;

    return string.concat(baseURI, _tokenId.toString(), ".json");
}

/// @param _unboxer must be the boxed NFT contract related to this unboxed NFT
function setUnboxer(address _unboxer) external onlyRole(DEFAULT_ADMIN_ROLE) { // L49
    require(unboxer == address(0), "Unboxer already set");

    unboxer = _unboxer;
}
```
Recommendation:
We advise the code to utilize an Ownable dependency instead, permitting ownership to be renounced once the unboxer has been configured and minimizing the gas and bytecode footprint of the contract.
Alleviation:
The code was updated to utilize the Ownable dependency as advised, simplifying its access control as well as override paths.
