Niftykit-Contracts-V3 Audit#

Download

Perfect Abstractions conducted a smart contract audit of Niftykit's Niftykit-Contracts-V3 from 7 March 2023 to 28 March 2023.

This audit was carried out in 2 stages. The 1st stage based on the hash 1f0cd5c59429c230fd85fd97a0ea0fb0483533a4, and the 2nd stage starting on 15 March and based on the hash e88f77b124d513ee859ad56a106ecb88e131f7a0, allowing further analysis of the codebase.

In this document we will mainly detail the 2nd part of the audit (git hash e88f77b124d513ee859ad56a106ecb88e131f7a0) because it concerns the current code version. However, we will list in the appendix certain elements highlighted and fixed in the 1st part of the audit to show the corrected vulnerabilities, certain optimizations carried out and a relevant overhaul of the design allowing compliance with the EIP-2535 Diamonds.

Auditors:

Thibaud Catz

Audit report reviewed by Nick Mudge.

Project description#

NiftyKit is a no-code platform for NFT creators. It allows people to create, manage and sell NFTs. This new version of NiftyKit implements EIP-2535 Diamonds, allowing it to easily add or remove functionality for NFT collections. The codebase is modular and well written.

Objectives#

Find bugs, inefficiencies and security vulnerabilities in the code base.
Make recommendations concerning bugs, inefficiencies and security vulnerabilities found as well as other recommendations that may improve the code base.

Scope#

The following files were audited (hash e88f77b124d513ee859ad56a106ecb88e131f7a0):