Audit TestErrorNFT.sol for registration test of hyacinthaudits.xyz platform.
| Key | Value |
|---|---|
| .sol Files | 1 |
| Total nSLOC | 41 |
| Filepath | nSLOC |
|---|---|
| src/TestErrorNFT.sol | 41 |
| Total | 41 |
| Category | No. of Issues |
|---|---|
| High | 2 |
| Medium | 4 |
| Low | 5 |
There is no check to enforce the maxMintPerUser limit in the mint or batchMint functions.
2 Found Instances
-
Found in src/TestErrorNFT.sol Line: 18
function mint(address to) public { + require(userMintedCount[to] < maxMintPerUser, "Max mint per user exceeded"); + require(totalSupply() < maxSupply, "Max supply exceeded"); _safeMint(to, _tokenIdCounter.current()); _tokenIdCounter.increment(); userMintedCount[to]++; }
-
Found in src/TestErrorNFT.sol Line: 25
function batchMint(address to, uint256 amount) public { + require(userMintedCount[to] + amount <= maxMintPerUser, "Max mint per user exceeded"); + require(totalSupply() + amount <= maxSupply, "Max supply exceeded"); for (uint256 i = 0; i < amount; i++) { mint(to); } }
The contract could benefit from using checks-effects-interactions pattern for safer minting processes.
1 Found Instance
- Found in src/TestErrorNFT.sol Line: 18
No arguments were passed to the base constructor. Specify the arguments.
1 Found Instance
-
Found in src/TestErrorNFT.sol Line: 16
TypeError: No arguments passed to the base constructor. Specify the arguments Note: Base constructor parameters: --> @openzeppelin/contracts/access/Ownable.sol:38:16: | 38 | constructor(address initialOwner) { | ^^^^^^^^^^^^^^^^^^^^^^
constructor() ERC721("ErrorNFT", "ENFT") Ownable(msg.sender) {}
The line totalSupply += amount; should be inside the batchMint function.
1 Found Instance
-
Found in src/TestErrorNFT.sol Line: 30
function batchMint(address to, uint256 amount) public { for (uint256 i = 0; i < amount; i++) { mint(to); } + totalSupply += amount; } - totalSupply += amount;
The batchMint and setUserMintLimit functions should ideally be external based on the intended use case.
2 Found Instances
The totalSupply is incremented both in the mint function and in the batchMint function for each mint.
2 Found Instances
SPDX license identifiers should be added to the top of contract files.
1 Found Instance
-
Found in src/TestErrorNFT.sol Line: 0
// SPDX-License-Identifier: MIT
Instead of Wildcard Import, consider using Named Import.
3 Found Instances
-
Found in src/TestErrorNFT.sol Line: 3
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
-
Found in src/TestErrorNFT.sol Line: 4
import {Counters} from "@openzeppelin/contracts/utils/Counters.sol";
-
Found in src/TestErrorNFT.sol Line: 5
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
Counters.sol in version 5 has been removed.
1 Found Instance
-
Found in src/TestErrorNFT.sol Line: 4
For consistency and readability, you may want to keep a consistent naming convention for variables (e.g., maxMintPerUser could be maxMintPerAddress).
1 Found Instance
- Found in [email protected] Line: 11
The _baseURI function should have a valid URI string in return and can be marked as pure.
1 Found Instance
-
Found in [email protected] Line: 38
function _baseURI() internal pure override returns (string memory) { return "ipfs://"; }