Smart Contract Security Audit For CryptoBear Watch Club

Score: 9.8/10
Type: NFT Collection

Overview

CryptoBear Watch Club is a platform with a collection of 10,000 NFTs. All CryptoBear NFTs are stored as ERC-721 tokens on the Ethereum blockchain and hosted on IPFS. To access members-only areas, CryptoBear watch holders must sign in with their MetaMask wallet. This case study covers the smart contract security audit for the NFT collection.

Services: Smart Contracts Audit
Technologies: Ethereum Solidity

Task

Blaize’s task was to check the contracts for the following parameters:

  • Whether the contract is secure;
  • Whether the contract corresponds to the documentation;
  • Whether the contract meets best practices in efficient use of gas and code readability.

Thus we have scanned these smart contracts for commonly known and more specific vulnerabilities:

  • Unsafe type inference;
  • Timestamp Dependence;
  • Reentrancy;
  • Implicit visibility level;
  • Gas Limit and Loops;
  • Transaction-Ordering Dependence;
  • Unchecked external call;
  • Unchecked math;
  • DoS with Block Gas Limit;
  • DoS with (unexpected) Throw;
  • Byte array vulnerabilities;
  • Malicious libraries;
  • Style guide violation;
  • ERC-20 API violation;
  • Uninitialized state/storage/local variables;
  • Compile version not fixed.

In this case, the Blaize team assessed the security of the smart contracts for the CryptoBear NFT protocol. The task was to find and describe security issues in the smart contracts of the platform. The scope of the project was the CryptoBear set of CryptoBearWatchClub and Arkouda smart contracts. The security audit for the NFT project included unit test coverage, based on the smart contract code, documentation, and requirements presented by the CryptoBear team. Coverage was calculated based on the set of Truffle framework tests and scripts from additional testing strategies.

Smart Contract Security Audit

The smart contract security audit for the NFT platform did not differ from our usual procedure. Blaize.Security has an established security audit procedure. It includes the following steps:

Comprehensive Security Audit

  • Check for code consistency: whether the contract corresponds to the documentation;
  • Checks against the standard list of vulnerabilities we have mentioned above;
  • Static analysis by automated tools;
  • Manual code analysis and code quality review;
  • Gas usage analysis;
  • Unit tests coverage check;
  • Creation of our own set of unit tests for full coverage;
  • Security analysis report delivery;
  • Post-audit fixes review.

Automated Tools Analysis

  • The automated analysis for CryptoBear consisted of scanning the contracts with several publicly available automated analysis tools, such as Mythril, Solhint, Slither, and Smartdec.

Manual Code Review

  • Manual testing is the process of reading source code line by line in an attempt to identify potential vulnerabilities and check the operation of the smart contracts in general.
  • This is highly recommended for an exploratory check of vulnerabilities hidden not in the code itself, but in the contract logic or architecture.
  • In the case of the CryptoBear NFT project audit, Blaize's team performed a manual analysis of the smart contracts for security vulnerabilities, and also checked the smart contract logic and compared it with the logic described in the documentation.

Security Analysis Report

  • At the end of the security audit for the NFT project, we provided CryptoBear with a smart contract security analysis report. The document contains all risks found and their possible mitigations, details of issues and vulnerabilities, and recommendations for their improvement.

Audit Result

According to the audit, the CryptoBear smart contracts contained only one critical issue, connected to an incorrect funds flow: it allowed users to claim rewards regardless of the contract rules. The team has already fixed this issue.

All other issues were connected to code quality and to missed checks, which may block the contract. Nevertheless, all security risk issues were fixed by the team.


The overall security of the CryptoBear smart contract can be evaluated as secure: it performs all desired actions and has solid functionality. However, the code lacks readability, and the overall code quality could be improved. In this regard, the security of the smart contract system of CryptoBear Watch Club can be evaluated as Highly Secure, 9.8 out of 10.
