✅RACE #7 - Bored Ape

Secureum Bootcamp Epoch∞ - June RACE #7 • Ventral DigitalVentral Digital

RACE #7

RACE #7 result

Note: All 8 questions in this RACE are based on the InSecureumApe contract. This is the same contract you will see for all the 8 questions in this RACE. InSecureumApe is adapted from a well-known contract. The question is below the shown contract.

pragma solidity ^0.7.0;

import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v3.4/contracts/access/Ownable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v3.4/contracts/token/ERC721/ERC721.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v3.4/contracts/math/SafeMath.sol";

contract InSecureumApe is ERC721, Ownable {
    using SafeMath for uint256;

    string public IA_PROVENANCE = "";

    uint256 public startingIndexBlock;

    uint256 public startingIndex;

    uint256 public constant apePrice = 800000000000000000; //0.08 ETH

    uint public constant maxApePurchase = 20;

    uint256 public MAX_APES;

    bool public saleIsActive = false;

    uint256 public REVEAL_TIMESTAMP;

    constructor(string memory name, string memory symbol, uint256 maxNftSupply, uint256 saleStart) ERC721(name, symbol) {
        MAX_APES = maxNftSupply;
        REVEAL_TIMESTAMP = saleStart + (86400 * 9);
    }

    function withdraw() public onlyOwner {
        uint balance = address(this).balance;
        msg.sender.transfer(balance);
    }

    function reserveApes() public onlyOwner {
        uint supply = totalSupply();
        uint i;
        for (i = 0; i < 30; i++) {
            _safeMint(msg.sender, supply + i);
        }
    }

    function setRevealTimestamp(uint256 revealTimeStamp) public onlyOwner {
        REVEAL_TIMESTAMP = revealTimeStamp;
    }

    function setProvenanceHash(string memory provenanceHash) public onlyOwner {
        IA_PROVENANCE = provenanceHash;
    }

    function setBaseURI(string memory baseURI) public onlyOwner {
        _setBaseURI(baseURI);
    }

    function flipSaleState() public onlyOwner {
        saleIsActive = !saleIsActive;
    }

    function mintApe(uint numberOfTokens) public payable {
        require(saleIsActive, "Sale must be active to mint Ape");
        require(numberOfTokens < maxApePurchase, "Can only mint 20 tokens at a time");
        require(totalSupply().add(numberOfTokens) <= MAX_APES, "Purchase would exceed max supply of Apes");
        require(apePrice.mul(numberOfTokens) <= msg.value, "Ether value sent is not correct");

        for(uint i = 0; i < numberOfTokens; i++) {
            uint mintIndex = totalSupply();
            if (totalSupply() < MAX_APES) {
                _safeMint(msg.sender, mintIndex);
            }
        }

        // If we haven't set the starting index and this is either 1) the last saleable token or 2) the first token to be sold after
        // the end of pre-sale, set the starting index block
        if (startingIndexBlock == 0 && (totalSupply() == MAX_APES || block.timestamp >= REVEAL_TIMESTAMP)) {
            startingIndexBlock = block.number;
        }
    }

    function setStartingIndex() public {
        require(startingIndex == 0, "Starting index is already set");
        require(startingIndexBlock != 0, "Starting index block must be set");

        startingIndex = uint(blockhash(startingIndexBlock)) % MAX_APES;
        if (block.number.sub(startingIndexBlock) > 255) {
            startingIndex = uint(blockhash(block.number - 1)) % MAX_APES;
        }
        if (startingIndex == 0) {
            startingIndex = startingIndex.add(1);
        }
    }

    function emergencySetStartingIndexBlock() public onlyOwner {
        require(startingIndex == 0, "Starting index is already set");
        startingIndexBlock = block.number;
    }
}

Question 1 ✅

The mint price of an InSecureumApe is:

• A. 0.0008 ETH

• B. 0.008 ETH

• C. 0.08 ETH

• D. 0.8 ETH -> The inline comment is wrong, do the computation on your own

My comment:

Question 2 ✅

The security concern(s) with InSecureumApe access control is/are

• A. Owner can arbitrarily pause public minting of InSecureumApes -> function flipSaleState()

• B. Owner can arbitrarily mint InSecureumApes -> function reserveApes()

• C. Single-step ownership change -> transferOwnership() from OpenZeppelin Ownable.sol

• D. Missing event emits in and time-delayed effects of owner functions -> None of the owner functions emits event or having time-delayed feature

Question 3 ✅

The security concern(s) with InSecureumApe constructor is/are

• A. Missing sanity/threshold check on maxNftSupply -> No require statement for it

• B. Missing sanity/threshold check on saleStart -> No require statement for it

• C. Potential integer overflow -> Compiler is Solidity v0.7, REVEAL_TIMESTAMP = saleStart + (86400 * 9) could overflow

• D. None of the above

Question 4 ✅

The total number of InSecureumApes that can ever be minted is

• A. maxApePurchase

• B. MAX_APES

• C. MAX_APES + 30

• D. type(uint256).max -> reserveApes() does not check for MAX_APES upperbound

Question 5 ✅

The public minting of InSecureumApes

• A. Must be paid the exact amount in Ether -> require(apePrice.mul(numberOfTokens) <= msg.value, not == msg.value

• B. May be performed 19 NFTs at a time -> require(numberOfTokens < maxApePurchase and maxApePurchase == 20

• C. Uses _safeMint to prevent locked/stuck NFTs -> _safeMint() requires the receiver to implement the onERC721Received() callback

• D. None of the above

Question 6 ✅

The security concerns with InSecureumApe is/are

• A. Use of a floating pragma and an older compiler version -> Susceptible to integer overflow/underflow

• B. Oracle price manipulation -> This contract does not use oracle, only uses a constant price apePrice

• C. Reentrancy allowing bypass of maxApePurchase check -> _safeMint() triggers the onERC721Received() callback, attacker can call mintApe(19) over and over

• D. None of the above

Question 7 - This one tricky

The starting index determination

• A. Is meant to randomize NFT reveal post-mint

• B. Can be triggered by the owner at any time -> Function emergencySetStartingIndexBlock()

• C. May be triggered only 9 days after sale start -> Can be triggered anytime by emergencySetStartingIndexBlock()

• D. Accounts for the fact that EVM only stores previous 256 block hashes

Comment:

You can read about how this is used for post-mint reveal randomization in this article.

The 9-day delay of the REVEAL_TIMESTAMP variable can be overriden at any point in time, it can also be triggered earlier if the totalSupply matches MAX_APES exactly, or be triggered at any time by the owner via emergencySetStartingIndexBlock().

It accounts for the block hash access limitation by falling back to using the hash of the previous block instead.

Question 8 ✅

Potential gas optimization(s) in InSecureumApe is/are

• A. Caching of storage variables

• B. Avoiding initializations of variables to default values of their types

• C. Use of immutables

• D. None of the above

Comment:

Whenever storage variables are read from multiple times, they should be cached in memory to safe gas. This is missing for MAX_APES in mintApe() and startingIndexBlock in setStartingIndex().

All state variables are zero-initialized by default, therefore there's no need to manually set saleIsActive to false, for example.

The state variable MAX_APES is only set once during construction and should be immutable to save gas