cryptokitties-bounty-2
cryptokitties-bounty-2 copied to clipboard
dapperlabs
Bug bounty program for CryptoKitties Offers feature smart contract
### Description `OffersConfig.sol` defines a global variable named `uint256 offerCut`. However, `Offers.sol` then tries to define a new local variable called `uint256 offerCut` even though the global variable of the...
Offers.sol line 227 - `"cannot fufill offer – offer price too low"` Should be: `"cannot fulfill offer – offer price too low"`
### Description In OffersBase.sol, ExpiredOfferRemoved only lists three params in the comments, but shows four params in the function. ### Scenario No information is given on the parameter bidderReceived, confusing...
### Description It's possible to call setUnsuccessfulFee() without changing the existing minimumTotalValue. IF this happens, the assumption of Tmin ≥ (2 * flat fee) is violated. ### Scenario If setUnsuccessfulFee()...
### Description In OffersBase.sol, '_computeMinimumOverbidPrice' has an extra pair of parentheses. ### Impact Low/Note ### Fix `return (_offerPrice * (1e4 + minimumPriceIncrement)) / 1e4;` is equivalent to `return _offerPrice *...
### Description This is dangerous for high value kitties. According the mechanics described in the ReadMe, the only on-chain transaction done by the user accepting an offer is for them...
### Description In OffersBase.sol, the comments list params in a different order than the function lists them in for OfferCreated, OfferFulfilled, etc. ### Scenario This hurts readability, and can potentially...
### Description COO can make an attractive offer with high price for the kitty. When kitty owner approves token for Offers contract, COO can downgrade his offer and fulfill it...
### Description It seems like the intention of MinimumTotalValue is that all offers are above this value. However, there can be a scenario where this is not true. (comment from...
Metadata
Owner
Metadata
Bug bounty program for CryptoKitties Offers feature smart contract