Gud Guess
Smart Contract Audit Report
Audit Summary
Gud Guess is a new ERC-20 token where users can predict the price of a "price token" at the end of each week in order to earn rewards.
For this audit, we reviewed the following contracts on the Arbitrum Mainnet:
- GudGuess contract at 0x9306f15e4CD8ab9ef017Aa720A4a63da73418d00.
- GudGuessTickets contract at 0xbB786be2f489dCeF92fC91C76222a089e22d173c.
- HolderRewards contract at 0x56a3Db933f4F7929bA197C12F7D9c477124d70EE.
- WinnersCircle contract at 0x7da767EBfEFeF69Ced327097c395a41920026866.
- TwapUtils contract at 0xdf9a6debb35be847d6addb7843e763539671b2c7.
Audit Findings
All findings have been resolved, though some centralized aspects are present.
Date: March 31st, 2023.
Updated: March 31st, 2023 with changes from commit 53b28c54c51cf5fdffad4a8846eaed1d1aa2de95 to commit 3b1e9ef1b513d9a7f36622dd9cdec30ecc8d4c2a.
Updated: April 3rd, 2023 with changes from commit 3b1e9ef1b513d9a7f36622dd9cdec30ecc8d4c2a to commit 07d724cae1ef09760dc05a8519ae22c7efe8ef79.
Updated: April 3rd, 2023 with mainnet addresses.Finding #1 - HolderRewards - High (Resolved)
Description: If _removeShares() is called with an amount of 0 the user whose balance is being decremented is set to 0:
Risk/Impact: Any user can call the GudGuess transferFrom() function with a value of 0 to set any address' HolderRewards shares to 0.uint256 removeAmount = amount == 0 ? shares[shareholder].amount : amount; totalSharesDeposited -= removeAmount; shares[shareholder].amount -= removeAmount;
Recommendation: The team should remove the following line as it is not needed to achieve the proper functionality:Resolution: The team has removed the above line from the _removeShares() function.uint256 removeAmount = amount == 0 ? shares[shareholder].amount : amount;
Finding #2 - HolderRewards - Low (Acknowledged)
Description: Rewards are distributed to all GG token holders when depositRewards() is called.
Risk/Impact: Users can purchase tokens right before rewards are going to be distributed and receive the full rewards amount despite not holding the tokens for any significant amount of time.
Recommendation: The team should consider distributing rewards over a 1 week period to ensure users must hold their tokens for a significant amount of time to receive their full rewards. This will additionally correspond to the estimated rate of distributions.
Resolution: The team plans to monitor the jackpot and adjust the rewards percentage such that this type of behavior will not be profitable. Additionally, such users will be paying a tax on all purchases which will contribute to the project's overall rewards.
Finding #3 - GudGuess - Low (Resolved)
Description: Bots are restricted from sending or receiving tokens after 10 seconds from the launchTime.
Risk/Impact: Bots can buy tokens and send them to another address within the first 10 seconds of the launchTime. This allows them to effectively bypass the restriction against bots.
Recommendation: The team should consider enforcing the bot restriction starting at the launchTime.
Resolution: Once an address has been marked as a bot they can purchase tokens but will be unable to transfer them at any time.
Finding #4 - UniswapV3FeeERC20 - Low (Resolved)
Description: The contract's full ETH balance is returned to the owner in the _createLiquidityPosition() function.
Risk/Impact: Any ETH that was already in the contract will be returned to the owner rather than the actual refund amount returned from the lpPosManager contract.
Recommendation: This function should use the following formula if there is excess ETH to ensure only the amount refunded from the lpPosManager contract is returned:Resolution: The team has modified the _createLiquidityPosition such that only excess ETH is returned rather than the contract's entire ETH balance.uint256 balanceBefore = address(this).balance; ... uint256 returnAmount = address(this).balance - (balanceBefore - _amountETH); (bool _ethRefunded, ) = payable(owner()).call{ value: returnAmount; }('');
Contracts Overview
GudGuess Contract:GudGuessTickets Contract:
- This contract defines the "Gud Guess" ERC-20 token where users can predict the price of a "price token" at the end of each week to earn rewards.
- Each token additionally represents a share in the HolderRewards contract for addresses not excluded from rewards.
- Users' shares in the HolderRewards contract will be adjusted as tokens are sent and received.
- The total supply of Gud Guess tokens is 100 million $GG [100,000,000].
- Any user may burn their own tokens to reduce the total supply.
- GG tokens may not be bought or sold until the owner has set the launch time.
- Any address that buys GG tokens within 10 seconds of the launch time will be marked as a bot.
- Addresses marked as bots will not be able to send or receive tokens at any time.
- Any address may not have more than 1% of the token's total supply within 30 minutes of the launch time.
- When taxes are enabled, for the first 30 days after the launch time there will be a 5% tax taken on buys.
- When taxes are enabled, after 30 days the tax will be reduced to 0.5%.
- All taxes collected will be stored within this contract.
- The contract will perform an automated swap when the following conditions are met:
- Swapping is enabled.
- The owner has initialized a Uniswap liquidity position.
- The contract's GG token balance has reached the "swap at amount".
- The "burn percentage" of the swap at amount of tokens will be burned during the swap.
- The remaining amount of tokens will be swapped for ETH and stored within the contract.
- Any user may purchase a "ticket" at any time.
- A ticket constitutes a prediction of the price token's price at the end of the week.
- Users may only purchase tickets for the current week from Monday 12:00 AM to Thursday 11:59:59 PM.
- After Thursday at 11:59:59 PM, any tickets purchased will apply to the next week's price.
- The price of a ticket will increase over the course of the guess period reaching the max price at Thursday 11:59:59 PM.
- Rewards won by winners will be distributed based on the "weight" of each ticket.
- Tickets bought at the beginning of the guess period will have more weight decreasing until reaching minimum weight at Thursday 11:59:59 PM.
- The purchasing user will be minted a "Gud Guess Tickets" NFT representing their predicted price.
- During the first transfer starting Monday at 12:00 AM the winning price for the previous week will be recorded if there were any predictions made.
- The current price is determined in the TwapUtils contract.
- The "rewards percentage" of the contract's current ETH balance will be distributed as rewards in the HolderRewards contract.
- The "winnings percentage" of the contract's ETH balance will be distributed to users who correctly predicted the price at the end of the week.
- An "admin percentage" will be taken from the winning percentage of ETH and sent to the AdminWallet address if the admin percentage has been set.
- The winnings percentage will be sent to the WinnersCircle contract where users who predicted correctly may claim their rewards.
- The owner may create a Uniswap liquidity pool at a specified fee amount at any time.
- The owner may create a liquidity position in one of the liquidity pools with a specified percentage of the contract's token balance at any time.
- The owner may collect fees from a liquidity position in a specified pool at any time.
- The owner may deposit a liquidity position NFT to the contract at any time.
- The owner may withdraw a liquidity position NFT from the contract at any time.
- The owner may set the launch time to the current time once a liquidity position has been created.
- The owner may manually trigger the contract to record the winning price for the previous week if any predictions were made.
- The owner may trigger a manual swap of GG tokens for ETH if the contract's GG token balance is above the swap at amount.
- The owner may update the price token, price pool, and whether the contract is paired with WETH at any time.
- The owner may set the native stable pool to any pool where one of the tokens is ETH.
- The owner may toggle any address as an Automated Market Maker (AMM) at any time.
- The owner may toggle whether the contract will swap for ETH at any time.
- The owner may toggle whether taxes are collected at any time.
- The owner may remove any address from the bot list at any time.
- The owner may update the TwapUtils, GudGuessTickets, WinnersCircle, and AdminWallet addresses at any time.
- The owner may set the burn percentage up to 100% at any time.
- The owner may set the rewards percentage up to 10% at any time.
- The owner may set the winnings percentage up to 80% at any time.
- The owner may set the admin percentage up to 5% at any time.
- The owner may set the minimum and maximum weight for each ticket to any values at any time.
- The owner may set the minimum and maximum price per ticket to any values at any time.
- The owner may toggle whether any address is included in rewards at any time.
- The owner may set the precision decimals used for rounding to any value at any time.
- The owner may set the number of days before Sunday that guesses are no longer allowed for the current week at any time.
HolderRewards Contract:
- This contract defines "Gud Guess Tickets" NFTs.
- tGG NFTs are minted by the GudGuess contract when users purchase a ticket.
- Each NFT represents the user's predicted price for the price token at the end of the week.
- This contract also implements the EIP-2981 NFT Royalty standard to support paying NFT creators a royalty on NFT Marketplaces.
- The owner may update the Royalty address and Royalty basis points at any time.
- The owner may update the base URI at any time.
WinnersCircle Contract:
- This contract is used to distribute rewards to GG token holders.
- Each GG token represents 1 share in this contract. Users' balances are updated by the GudGuess contract as tokens are transferred.
- Users will earn a reward in ETH per share.
- Users' rewards will be distributed each time their share balance is updated.
- Users may manually claim their rewards at any time.
- Any address may deposit rewards into the contract.
- Depositing rewards will add to the accumulated reward per share for all users.
TwapUtils Contract:
- This contract is used to distribute ETH rewards to users who correctly predict the price of the price token in the GudGuess contract.
- Users may claim their rewards after the week has ended and the correct price has been set.
- Users will earn a fraction of rewards equal to the weight of their ticket relative to the total weight of all winning tickets.
- This contract is used to determine the current value of a token in a UniswapV3 liquidity pool.
- The price is determined using a Time-Weighted Average Price Oracle (TWAP).
- The price is calculated using a 5-minute interval.
- The owner may set the TWAP interval to any value at any time.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Jump/Storage Write | N/A | PASS |
| Centralization of Control |
|
WARNING |
| Compiler Issues | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Ether/Token Theft | N/A | PASS |
| Flash Loans | N/A | PASS |
| Front Running | Users can purchase GG tokens directly before rewards are distributed to receive full rewards. | WARNING |
| Improper Events | N/A | PASS |
| Improper Authorization Scheme | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Oracle Issues | N/A | PASS |
| Outdated Compiler Version | N/A | PASS |
| Race Conditions | N/A | PASS |
| Reentrancy | N/A | PASS |
| Signature Issues | N/A | PASS |
| Sybil Attack | N/A | PASS |
| Unbounded Loops | N/A | PASS |
| Unused Code | N/A | PASS |
| Overall Contract Safety | PASS |
GudGuess Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] FixedPoint96
+ HolderRewards
- [Pub] Constructor #
- [Ext] setShare #
- modifiers: onlyToken
- [Prv] _addShares #
- [Prv] _removeShares #
- [Ext] depositRewards ($)
- [Int] _distributeReward #
- [Ext] claimReward #
- [Pub] getUnpaid
- [Ext] getShares
- [Int] _getCumulativeRewards
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ ERC20 (Context, IERC20)
- [Pub] Constructor #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IUniswapV3PoolImmutables
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] fee
- [Ext] tickSpacing
- [Ext] maxLiquidityPerTick
+ [Int] IUniswapV3PoolState
- [Ext] slot0
- [Ext] feeGrowthGlobal0X128
- [Ext] feeGrowthGlobal1X128
- [Ext] protocolFees
- [Ext] liquidity
- [Ext] ticks
- [Ext] tickBitmap
- [Ext] positions
- [Ext] observations
+ [Int] IUniswapV3PoolDerivedState
- [Ext] observe
- [Ext] snapshotCumulativesInside
+ [Int] IUniswapV3PoolActions
- [Ext] initialize #
- [Ext] mint #
- [Ext] collect #
- [Ext] burn #
- [Ext] swap #
- [Ext] flash #
- [Ext] increaseObservationCardinalityNext #
+ [Int] IUniswapV3PoolOwnerActions
- [Ext] setFeeProtocol #
- [Ext] collectProtocol #
+ [Int] IUniswapV3PoolEvents
+ [Int] IUniswapV3Pool (IUniswapV3PoolImmutables, IUniswapV3PoolState, IUniswapV3PoolDerivedState, IUniswapV3PoolActions, IUniswapV3PoolOwnerActions, IUniswapV3PoolEvents)
+ [Lib] TickMath
- [Int] getSqrtRatioAtTick
- [Int] getTickAtSqrtRatio
+ [Int] IUniswapV3SwapCallback
- [Ext] uniswapV3SwapCallback #
+ [Int] ISwapRouter (IUniswapV3SwapCallback)
- [Ext] exactInputSingle ($)
- [Ext] exactInput ($)
- [Ext] exactOutputSingle ($)
- [Ext] exactOutput ($)
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Int] IERC721Enumerable (IERC721)
- [Ext] totalSupply
- [Ext] tokenOfOwnerByIndex
- [Ext] tokenByIndex
+ [Int] IPoolInitializer
- [Ext] createAndInitializePoolIfNecessary ($)
+ [Int] IERC721Permit (IERC721)
- [Ext] PERMIT_TYPEHASH
- [Ext] DOMAIN_SEPARATOR
- [Ext] permit ($)
+ [Int] IPeripheryPayments
- [Ext] unwrapWETH9 ($)
- [Ext] refundETH ($)
- [Ext] sweepToken ($)
+ [Int] IPeripheryImmutableState
- [Ext] factory
- [Ext] WETH9
+ [Lib] PoolAddress
- [Int] getPoolKey
- [Int] computeAddress
+ [Int] INonfungiblePositionManager (IPoolInitializer, IPeripheryPayments, IPeripheryImmutableState, IERC721Metadata, IERC721Enumerable, IERC721Permit)
- [Ext] positions
- [Ext] mint ($)
- [Ext] increaseLiquidity ($)
- [Ext] decreaseLiquidity ($)
- [Ext] collect ($)
- [Ext] burn ($)
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] TransferHelper
- [Int] safeTransferFrom #
- [Int] safeTransfer #
- [Int] safeApprove #
- [Int] safeTransferETH #
+ PeripheryImmutableState (IPeripheryImmutableState)
- [Pub] Constructor #
+ [Int] IWETH
- [Ext] balanceOf
- [Ext] decimals
- [Ext] deposit ($)
- [Ext] withdraw #
+ UniswapV3FeeERC20 (IERC721Receiver, ERC20, Ownable, PeripheryImmutableState)
- [Pub] Constructor #
- modifiers: ERC20,PeripheryImmutableState
- [Ext] onERC721Received #
- [Ext] collectLiquidityPositionFees #
- [Ext] depositLiquidityPosition #
- modifiers: onlyOwner
- [Ext] withdrawLiquidityPosition #
- modifiers: onlyOwner
- [Int] _createLiquidityPool #
- [Int] _createLiquidityPosition #
- [Int] _swapTokensForETH #
- [Int] _getPoolInfo
- [Int] _getToken0AndToken1
- [Ext] Receive Ether ($)
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IGudGuessTickets (IERC721)
- [Ext] tickets
- [Ext] mint #
+ [Int] ITwapUtils
- [Ext] twapInterval
- [Ext] getPoolPriceUSDX96
- [Ext] getSqrtPriceX96FromPoolAndInterval
- [Ext] getSqrtPriceX96FromPriceX96
- [Ext] getPriceX96FromSqrtPriceX96
+ [Int] IWinnersCircle
- [Ext] closeWeeklyAndAddWinnings ($)
+ [Lib] BokkyPooBahsDateTimeLibrary
- [Int] _daysFromDate
- [Int] _daysToDate
- [Int] timestampFromDate
- [Int] timestampFromDateTime
- [Int] timestampToDate
- [Int] timestampToDateTime
- [Int] isValidDate
- [Int] isValidDateTime
- [Int] isLeapYear
- [Int] _isLeapYear
- [Int] isWeekDay
- [Int] isWeekEnd
- [Int] getDaysInMonth
- [Int] _getDaysInMonth
- [Int] getDayOfWeek
- [Int] getYear
- [Int] getMonth
- [Int] getDay
- [Int] getHour
- [Int] getMinute
- [Int] getSecond
- [Int] addYears
- [Int] addMonths
- [Int] addDays
- [Int] addHours
- [Int] addMinutes
- [Int] addSeconds
- [Int] subYears
- [Int] subMonths
- [Int] subDays
- [Int] subHours
- [Int] subMinutes
- [Int] subSeconds
- [Int] diffYears
- [Int] diffMonths
- [Int] diffDays
- [Int] diffHours
- [Int] diffMinutes
- [Int] diffSeconds
+ GudGuess (UniswapV3FeeERC20)
- [Pub] Constructor #
- modifiers: UniswapV3FeeERC20
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _swapForETHAndProcess #
- modifiers: lockSwap
- [Int] _buyTicket #
- [Int] _checkAndSubmitPreviousWeeklyClose #
- [Int] _getStartEndOfWeekly
- [Int] _getCurrentWinningsWeight
- [Int] _getSwapAtAmount
- [Int] _canReceiveRewards
- [Ext] burn #
- [Ext] lpCreatePool #
- modifiers: onlyOwner
- [Ext] lpCreatePosition ($)
- modifiers: onlyOwner
- [Ext] launch #
- modifiers: onlyOwner
- [Ext] submitClose #
- [Ext] buyTicket #
- [Ext] buyMultipleTickets #
- [Pub] getCurrentPriceTokensPerTicket
- [Pub] getCurrentPriceUSDX96
- [Pub] getWeeklyCloseFromTimestamp
- [Ext] manualSwap #
- modifiers: onlyOwner
- [Ext] setPriceTokenAndPool #
- modifiers: onlyOwner
- [Ext] setNativeStablePool #
- modifiers: onlyOwner
- [Ext] toggleAmm #
- modifiers: onlyOwner
- [Ext] forgiveBot #
- modifiers: onlyOwner
- [Ext] setTwapUtils #
- modifiers: onlyOwner
- [Ext] setTickets #
- modifiers: onlyOwner
- [Ext] setWinnersCircle #
- modifiers: onlyOwner
- [Ext] setAdminWallet #
- modifiers: onlyOwner
- [Ext] setBurnPerc #
- modifiers: onlyOwner
- [Ext] setRewardsPerc #
- modifiers: onlyOwner
- [Ext] setWinningsPerc #
- modifiers: onlyOwner
- [Ext] setAdminPerc #
- modifiers: onlyOwner
- [Ext] setGuessJackpotWeights #
- modifiers: onlyOwner
- [Ext] setPricePerTicketUSDX96 #
- modifiers: onlyOwner
- [Ext] setSwapAtAmountSupplyPerc #
- modifiers: onlyOwner
- [Ext] setIsRewardsExcluded #
- modifiers: onlyOwner
- [Ext] setPrecisionDecimals #
- modifiers: onlyOwner
- [Ext] setGuessCutoffBeforeClose #
- modifiers: onlyOwner
- [Ext] getShares #
- [Int] _afterTokenTransfer #GudGuessTickets Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Int] IERC721Enumerable (IERC721)
- [Ext] totalSupply
- [Ext] tokenOfOwnerByIndex
- [Ext] tokenByIndex
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ ERC165 (IERC165)
- [Pub] Constructor #
- [Pub] supportsInterface
- [Int] _registerInterface #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
+ [Lib] EnumerableMap
- [Prv] _set #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Prv] _tryGet
- [Prv] _get
- [Prv] _get
- [Int] set #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] tryGet
- [Int] get
- [Int] get
+ [Lib] Strings
- [Int] toString
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata, IERC721Enumerable)
- [Pub] Constructor #
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Pub] baseURI
- [Pub] tokenOfOwnerByIndex
- [Pub] totalSupply
- [Pub] tokenByIndex
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _setTokenURI #
- [Int] _setBaseURI #
- [Prv] _checkOnERC721Received #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ [Lib] Counters
- [Int] current
- [Int] increment #
- [Int] decrement #
+ [Int] IGudGuessTickets (IERC721)
- [Ext] tickets
- [Ext] mint #
+ ERC721Enumerable (IERC721Enumerable, ERC721)
- [Pub] supportsInterface
- [Pub] tokenOfOwnerByIndex
- [Pub] totalSupply
- [Pub] tokenByIndex
- [Int] _beforeTokenTransfer #
- [Prv] _addTokenToOwnerEnumeration #
- [Prv] _addTokenToAllTokensEnumeration #
- [Prv] _removeTokenFromOwnerEnumeration #
- [Prv] _removeTokenFromAllTokensEnumeration #
+ GudGuessTickets (IGudGuessTickets, ERC721Enumerable, Ownable)
- [Pub] Constructor #
- modifiers: ERC721
- [Ext] tickets
- [Ext] mint #
- modifiers: onlyGudPrice
- [Ext] royaltyInfo
- [Pub] tokenURI
- [Pub] contractURI
- [Pub] supportsInterface
- [Ext] getLastMintedTokenId
- [Ext] doesTokenExist
- [Ext] setRoyaltyAddress #
- modifiers: onlyOwner
- [Ext] setRoyaltyBasisPoints #
- modifiers: onlyOwner
- [Ext] setBaseURI #
- modifiers: onlyOwner
- [Int] _baseURIHolderRewards Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ HolderRewards
- [Pub] Constructor #
- [Ext] setShare #
- modifiers: onlyToken
- [Prv] _addShares #
- [Prv] _removeShares #
- [Ext] depositRewards ($)
- [Int] _distributeReward #
- [Ext] claimReward #
- [Pub] getUnpaid
- [Ext] getShares
- [Int] _getCumulativeRewardsWinnersCircle Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IGudGuessTickets (IERC721)
- [Ext] tickets
- [Ext] mint #
+ [Int] IWinnersCircle
- [Ext] closeWeeklyAndAddWinnings ($)
+ WinnersCircle (IWinnersCircle)
- [Pub] Constructor #
- [Ext] closeWeeklyAndAddWinnings ($)
- modifiers: onlyGudPrice
- [Ext] claimTicketWinnings #TwapUtils Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IUniswapV3PoolImmutables
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] fee
- [Ext] tickSpacing
- [Ext] maxLiquidityPerTick
+ [Int] IUniswapV3PoolState
- [Ext] slot0
- [Ext] feeGrowthGlobal0X128
- [Ext] feeGrowthGlobal1X128
- [Ext] protocolFees
- [Ext] liquidity
- [Ext] ticks
- [Ext] tickBitmap
- [Ext] positions
- [Ext] observations
+ [Int] IUniswapV3PoolDerivedState
- [Ext] observe
- [Ext] snapshotCumulativesInside
+ [Int] IUniswapV3PoolActions
- [Ext] initialize #
- [Ext] mint #
- [Ext] collect #
- [Ext] burn #
- [Ext] swap #
- [Ext] flash #
- [Ext] increaseObservationCardinalityNext #
+ [Int] IUniswapV3PoolOwnerActions
- [Ext] setFeeProtocol #
- [Ext] collectProtocol #
+ [Int] IUniswapV3PoolEvents
+ [Int] IUniswapV3Pool (IUniswapV3PoolImmutables, IUniswapV3PoolState, IUniswapV3PoolDerivedState, IUniswapV3PoolActions, IUniswapV3PoolOwnerActions, IUniswapV3PoolEvents)
+ [Lib] TickMath
- [Int] getSqrtRatioAtTick
- [Int] getTickAtSqrtRatio
+ [Lib] FixedPoint96
+ [Lib] FullMath
- [Int] mulDiv
- [Int] mulDivRoundingUp
+ [Int] IERC20Metadata
- [Ext] decimals
+ [Int] ITwapUtils
- [Ext] twapInterval
- [Ext] getPoolPriceUSDX96
- [Ext] getSqrtPriceX96FromPoolAndInterval
- [Ext] getSqrtPriceX96FromPriceX96
- [Ext] getPriceX96FromSqrtPriceX96
+ TwapUtils (ITwapUtils, Ownable)
- [Pub] getPoolPriceUSDX96
- [Pub] getSqrtPriceX96FromPoolAndInterval
- [Pub] getSqrtPriceX96FromPriceX96
- [Pub] getPriceX96FromSqrtPriceX96
- [Int] _sqrt
- [Int] _getNormalizedPriceX96
- [Ext] setTwapInterval #
- modifiers: onlyOwner
About SourceHat
SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!
Contact us today to get a free quote for a smart contract audit of your project!
What is a SourceHat Audit?
Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.
How Do I Interpret the Findings?
Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:
- High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
- Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
- Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
- Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.