NFT & Fungible token contracts #1
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| function transferCrossChain( | ||
| uint256 tokenId, | ||
| address receiver, | ||
| address destination | ||
| ) external payable { | ||
| if (receiver == address(0)) revert InvalidAddress(); | ||
|
|
||
| string memory uri = tokenURI(tokenId); | ||
| _burn(tokenId); | ||
| bytes memory message = abi.encode( | ||
| destination, | ||
| receiver, | ||
| tokenId, | ||
| uri, | ||
| msg.sender | ||
| ); | ||
| if (destination == address(0)) { | ||
| gateway.call( | ||
| universal, | ||
| message, | ||
| RevertOptions(address(this), false, address(0), message, 0) | ||
| ); | ||
| } else { | ||
| gateway.depositAndCall{value: msg.value}( | ||
| universal, | ||
| message, | ||
| RevertOptions( | ||
| address(this), | ||
| true, | ||
| address(0), | ||
| abi.encode(receiver, tokenId, uri, msg.sender), | ||
| gasLimit | ||
| ) | ||
| ); | ||
| } | ||
|
|
||
| emit TokenTransfer(destination, receiver, tokenId, uri); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
| function onCall( | ||
| MessageContext calldata context, | ||
| bytes calldata message | ||
| ) external payable onlyGateway returns (bytes4) { | ||
| if (context.sender != universal) revert Unauthorized(); | ||
|
|
||
| ( | ||
| address receiver, | ||
| uint256 tokenId, | ||
| string memory uri, | ||
| uint256 gasAmount, | ||
| address sender | ||
| ) = abi.decode(message, (address, uint256, string, uint256, address)); | ||
|
|
||
| _safeMint(receiver, tokenId); | ||
| _setTokenURI(tokenId, uri); | ||
| if (gasAmount > 0) { | ||
| (bool success, ) = sender.call{value: gasAmount}(""); | ||
| if (!success) revert GasTokenTransferFailed(); | ||
| } | ||
| emit TokenTransferReceived(receiver, tokenId, uri); | ||
| return ""; | ||
| } |
Check warning
Code scanning / Slither
Low-level calls Warning
| function transferCrossChain( | ||
| uint256 tokenId, | ||
| address receiver, | ||
| address destination | ||
| ) public { | ||
| if (receiver == address(0)) revert InvalidAddress(); | ||
| string memory uri = tokenURI(tokenId); | ||
| _burn(tokenId); | ||
|
|
||
| (, uint256 gasFee) = IZRC20(destination).withdrawGasFeeWithGasLimit( | ||
| gasLimit | ||
| ); | ||
| if ( | ||
| !IZRC20(destination).transferFrom(msg.sender, address(this), gasFee) | ||
| ) revert TransferFailed(); | ||
| IZRC20(destination).approve(address(gateway), gasFee); | ||
| bytes memory message = abi.encode( | ||
| receiver, | ||
| tokenId, | ||
| uri, | ||
| 0, | ||
| msg.sender | ||
| ); | ||
|
|
||
| CallOptions memory callOptions = CallOptions(gasLimit, false); | ||
|
|
||
| RevertOptions memory revertOptions = RevertOptions( | ||
| address(this), | ||
| true, | ||
| address(0), | ||
| abi.encode(tokenId, uri, msg.sender), | ||
| gasLimit | ||
| ); | ||
|
|
||
| gateway.call( | ||
| abi.encodePacked(connected[destination]), | ||
| destination, | ||
| message, | ||
| callOptions, | ||
| revertOptions | ||
| ); | ||
|
|
||
| emit TokenTransfer(receiver, destination, tokenId, uri); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
| function _increaseBalance( | ||
| address account, | ||
| uint128 value | ||
| ) internal override(ERC721, ERC721Enumerable) { | ||
| super._increaseBalance(account, value); | ||
| } |
Check warning
Code scanning / Slither
Dead-code Warning
| function transferCrossChain( | ||
| address destination, | ||
| address receiver, | ||
| uint256 amount | ||
| ) external payable { | ||
| if (receiver == address(0)) revert InvalidAddress(); | ||
| _burn(msg.sender, amount); | ||
|
|
||
| bytes memory message = abi.encode( | ||
| destination, | ||
| receiver, | ||
| amount, | ||
| msg.sender | ||
| ); | ||
| if (destination == address(0)) { | ||
| gateway.call( | ||
| universal, | ||
| message, | ||
| RevertOptions(address(this), false, address(0), message, 0) | ||
| ); | ||
| } else { | ||
| gateway.depositAndCall{value: msg.value}( | ||
| universal, | ||
| message, | ||
| RevertOptions( | ||
| address(this), | ||
| true, | ||
| address(0), | ||
| abi.encode(amount, msg.sender), | ||
| gasLimit | ||
| ) | ||
| ); | ||
| } | ||
|
|
||
| emit TokenTransfer(destination, receiver, amount); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
| function onCall( | ||
| MessageContext calldata context, | ||
| bytes calldata message | ||
| ) external payable onlyGateway returns (bytes4) { | ||
| if (context.sender != universal) revert Unauthorized(); | ||
| ( | ||
| address receiver, | ||
| uint256 amount, | ||
| uint256 gasAmount, | ||
| address sender | ||
| ) = abi.decode(message, (address, uint256, uint256, address)); | ||
| _mint(receiver, amount); | ||
| if (gasAmount > 0) { | ||
| (bool success, ) = sender.call{value: amount}(""); | ||
| if (!success) revert GasTokenTransferFailed(); | ||
| } | ||
| emit TokenTransferReceived(receiver, amount); | ||
| return ""; | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
| function onCall( | ||
| MessageContext calldata context, | ||
| bytes calldata message | ||
| ) external payable onlyGateway returns (bytes4) { | ||
| if (context.sender != universal) revert Unauthorized(); | ||
| ( | ||
| address receiver, | ||
| uint256 amount, | ||
| uint256 gasAmount, | ||
| address sender | ||
| ) = abi.decode(message, (address, uint256, uint256, address)); | ||
| _mint(receiver, amount); | ||
| if (gasAmount > 0) { | ||
| (bool success, ) = sender.call{value: amount}(""); | ||
| if (!success) revert GasTokenTransferFailed(); | ||
| } | ||
| emit TokenTransferReceived(receiver, amount); | ||
| return ""; | ||
| } |
Check warning
Code scanning / Slither
Low-level calls Warning
| function transferCrossChain( | ||
| address destination, | ||
| address receiver, | ||
| uint256 amount | ||
| ) public { | ||
| if (receiver == address(0)) revert InvalidAddress(); | ||
| _burn(msg.sender, amount); | ||
|
|
||
| (, uint256 gasFee) = IZRC20(destination).withdrawGasFeeWithGasLimit( | ||
| gasLimit | ||
| ); | ||
| if ( | ||
| !IZRC20(destination).transferFrom(msg.sender, address(this), gasFee) | ||
| ) revert TransferFailed(); | ||
| IZRC20(destination).approve(address(gateway), gasFee); | ||
| bytes memory message = abi.encode(receiver, amount, 0, msg.sender); | ||
|
|
||
| CallOptions memory callOptions = CallOptions(gasLimit, false); | ||
|
|
||
| RevertOptions memory revertOptions = RevertOptions( | ||
| address(this), | ||
| true, | ||
| address(0), | ||
| abi.encode(amount, msg.sender), | ||
| gasLimit | ||
| ); | ||
|
|
||
| gateway.call( | ||
| abi.encodePacked(connected[destination]), | ||
| destination, | ||
| message, | ||
| callOptions, | ||
| revertOptions | ||
| ); | ||
| emit TokenTransfer(destination, receiver, amount); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
| function onCall( | ||
| MessageContext calldata context, | ||
| address zrc20, | ||
| uint256 amount, | ||
| bytes calldata message | ||
| ) external override onlyGateway { | ||
| if (context.sender != connected[zrc20]) revert Unauthorized(); | ||
| ( | ||
| address destination, | ||
| address receiver, | ||
| uint256 tokenAmount, | ||
| address sender | ||
| ) = abi.decode(message, (address, address, uint256, address)); | ||
| if (destination == address(0)) { | ||
| _mint(receiver, tokenAmount); | ||
| } else { | ||
| (, uint256 gasFee) = IZRC20(destination).withdrawGasFeeWithGasLimit( | ||
| gasLimit | ||
| ); | ||
| uint256 out = SwapHelperLib.swapExactTokensForTokens( | ||
| uniswapRouter, | ||
| zrc20, | ||
| amount, | ||
| destination, | ||
| 0 | ||
| ); | ||
| IZRC20(destination).approve(address(gateway), out); | ||
| gateway.withdrawAndCall( | ||
| abi.encodePacked(connected[destination]), | ||
| out - gasFee, | ||
| destination, | ||
| abi.encode(receiver, tokenAmount, out - gasFee, sender), | ||
| CallOptions(gasLimit, false), | ||
| RevertOptions( | ||
| address(this), | ||
| true, | ||
| address(0), | ||
| abi.encode(tokenAmount, sender), | ||
| 0 | ||
| ) | ||
| ); | ||
| } | ||
| emit TokenTransferToDestination(destination, receiver, amount); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
No description provided.