Report for issue #178 updated by ZdravkoHr
c4-bot-5 committed Nov 8, 2023
1 parent 9972a2b commit a8b904a
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions data/ZdravkoHr-Q.md
@@ -3,6 +3,16 @@
# [L-1] Malicious receiver can stop airdropping
The MinterContract allows airdrops. The [airdrop](https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L181-L192) function loops through every recipient and mints him an amount of NFTs. If one of the receivers does not implement the ERC721 **onERC721Received** or implements it to always revert, the whole airdrop will fail. Consider using [Pull over Push](https://fravoll.github.io/solidity-patterns/pull_over_push.html)

# [L-2] NFTs minted in the same block will have the same hash preimage excluding the mintIndex
Since an NFTs hash in [*XRandoms.sol*](https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/XRandoms.sol#L35-L43) is generated by a mintIndex, block.prevrandao, blockhash and block.number, all NFTs generated in the same block will have the same preimage except for mintIndex. Because mintIndex cannot be the same for 2 tokens, this is a finding of LOW severity.

# [L-3] The last word of the wordList cannot be accessed
The [*XRandoms.getWord*](https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/XRandoms.sol#L15-L33) function stores 100 words as strings in an array. It takes an **id** parameter and returns words[id] if the id is 0 and words[id - 1] otherwise.
The function is private, so it can be called only from the same contract. The only place where it is called is the [*XRandoms.randomWord*](https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/XRandoms.sol#L40-L43) with a value from 0-99. The last word is at index 99. It can never be accessed because the id is subtracted by 1.


# [NC-1] Organize the files in the main folder
Currently, all files are stored in the root folders. Consider organizing them into different folders. For example, **libs**, **randoms**, **core**

# [NC-2] Format the code
The code is not formatted properly. Consider using a tool that formats it.
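
Review bot: [L-3] stops at the unreachable last word, but the branch it describes has a second consequence that should be stated: with ids in 0-99, id 0 returns words[0] and id 1 returns words[1 - 1], which is also words[0], so the first word is selected twice as often as any other while index 99 is never reached. The entry also has no recommendation, unlike [L-1]; suggest adding one, for example returning words[id] for every id in the 0-99 range. Smaller points: [L-2] asserts LOW severity because mintIndex is unique but gives no impact or mitigation, "an NFTs hash" should read "an NFT's hash", and the last sentences of [L-1] and [NC-1] are missing their closing period.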
