From d74420f4160a727c345033e51615c05ad8a0195e Mon Sep 17 00:00:00 2001
From: James Morgan
Date: Wed, 13 Apr 2022 13:56:30 +0100
Subject: [PATCH] Audit comments
---
 .solhint.json | 10 +++++++++-
 contracts/marketplace/BaseUpgradableMarketplace.sol | 11 +++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/.solhint.json b/.solhint.json
index a3029a10..bb63d3cc 100644
--- a/.solhint.json
+++ b/.solhint.json
@@ -4,9 +4,17 @@
 "rules": {
 "max-line-length": "ignore",
 "indent": "ignore",
+ "quotes": "ignore",
+ "reason-string": "ignore",
+ "avoid-low-level-calls": "ignore",
+ "not-rely-on-time": "ignore",
+ "no-unused-vars": "ignore",
+ "no-empty-blocks": "ignore",
+ "state-visibility": "ignore",
+ "visibility-modifier-order": "ignore",
 "compiler-version": [
 "error",
- "0.7.6"
+ "0.8.4"
 ]
 }
 }
diff --git a/contracts/marketplace/BaseUpgradableMarketplace.sol b/contracts/marketplace/BaseUpgradableMarketplace.sol
index 3a14327f..d576196d 100644
--- a/contracts/marketplace/BaseUpgradableMarketplace.sol
+++ b/contracts/marketplace/BaseUpgradableMarketplace.sol
@@ -2,6 +2,7 @@
 pragma solidity 0.8.4;
+import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
 import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
 import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
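Review bot: The eight rules added to `rules` in `.solhint.json` are switched off for the whole repository, and they include `avoid-low-level-calls`, `not-rely-on-time` and `state-visibility`, which are the checks most likely to flag a security-relevant regression in contracts written later. Keeping those enabled and suppressing only the sites that have been reviewed, for example `// solhint-disable-next-line avoid-low-level-calls` above the `platformAccount.call{value : koCommission}("")` line in BaseUpgradableMarketplace.sol, keeps the lint run quiet without hiding new findings. If the global setting is intentional, the commit message should say which audit item it answers, since "Audit comments" alone does not explain why the linter was loosened.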
@@ -73,6 +74,10 @@ abstract contract BaseUpgradableMarketplace is ReentrancyGuardUpgradeable, Pausa
 __ReentrancyGuard_init();
 __Pausable_init();
+ require(address(_accessControls) != address(0), "Unable to sent invalid accessControls address");
+ require(address(_koda) != address(0), "Unable to sent invalid koda address");
+ require(_platformAccount != address(0), "Unable to sent invalid _platformAccount address");
+
 accessControls = _accessControls;
 koda = _koda;
 platformAccount = _platformAccount;
@@ -89,7 +94,8 @@ abstract contract BaseUpgradableMarketplace is ReentrancyGuardUpgradeable, Pausa
 }
 function recoverERC20(IERC20 _token, address _recipient, uint256 _amount) public onlyAdmin {
- _token.transfer(_recipient, _amount);
+ require(_recipient != address(0), "Unable to sent funds to invalid _recipient address");
+ SafeERC20.safeTransfer(_token, _recipient, _amount);
 emit AdminRecoverERC20(_token, _recipient, _amount);
 }
@@ -127,6 +133,7 @@ abstract contract BaseUpgradableMarketplace is ReentrancyGuardUpgradeable, Pausa
 }
 function updatePlatformAccount(address _newPlatformAccount) public onlyAdmin {
+ require(_newPlatformAccount != address(0), "Unable to sent invalid _newPlatformAccount address");
 emit AdminUpdatePlatformAccount(platformAccount, _newPlatformAccount);
 platformAccount = _newPlatformAccount;
 }
@@ -144,7 +151,7 @@ abstract contract BaseUpgradableMarketplace is ReentrancyGuardUpgradeable, Pausa
 }
 function _handleSaleFunds(address _fundsReceiver, uint256 _platformCommission) internal {
- uint256 koCommission = (msg.value / modulo) * _platformCommission;
+ uint256 koCommission = msg.value * _platformCommission / modulo;
 if (koCommission > 0) {
 (bool koCommissionSuccess,) = platformAccount.call{value : koCommission}("");
 require(koCommissionSuccess, "commission payment failed");
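Review bot: The three new revert strings in the initializer read "Unable to sent invalid … address", which is garbled and is what users and off-chain tooling will see when initialisation fails; the same wording recurs in the `recoverERC20` and `updatePlatformAccount` hunks below. Something like `require(address(_koda) != address(0), "Invalid koda address");` is shorter and unambiguous. The checks also reject only the zero address, so a wrong but non-zero address is still accepted. Whether that matters depends on how the initializer is invoked, and its signature and modifiers are outside this hunk.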
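Review bot: `recoverERC20` has no NatSpec, and this change alters its failure behaviour in a way an operator should be able to read off the function: `SafeERC20.safeTransfer` reverts when the token call fails or returns false, where the old `_token.transfer` call ignored the return value. I would add `/// @notice Admin-only recovery of ERC20 tokens held by this contract; reverts if the token transfer fails or returns false` above the function. It would also help to note there that `_token` is an arbitrary contract chosen by the admin and that `AdminRecoverERC20` is emitted only after that external call returns.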
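Review bot: The zero-address check added to `updatePlatformAccount` does not cover an address that cannot receive ETH, and `_handleSaleFunds` in the last hunk pays commission with `platformAccount.call{value : koCommission}("")` followed by `require(koCommissionSuccess, "commission payment failed")`. If an admin sets a contract that rejects plain ETH transfers, every sale routed through `_handleSaleFunds` with a non-zero commission would revert until the account is changed again. At minimum this should be documented on the setter, e.g. `/// @dev _newPlatformAccount must accept plain ETH transfers; sales revert with "commission payment failed" otherwise`.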
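Review bot: Nothing visible in `_handleSaleFunds` bounds `_platformCommission` by `modulo`, so a value above `modulo` would make `koCommission` larger than `msg.value` and the `call` would then draw on any other ETH the contract holds, or revert the sale. The bound is presumably enforced where the commission is configured, which is outside this hunk; if it is not, `require(_platformCommission <= modulo, "commission exceeds modulo");` before the calculation closes the gap. Either way a one-line comment stating the invariant next to the new `msg.value * _platformCommission / modulo` expression would help. The function body continues past the last line shown, so the payout to `_fundsReceiver` could not be checked here.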