Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

massalabs / massa-standards Public

Notifications You must be signed in to change notification settings
Fork 76
Star 27

Code
Issues 18
Pull requests 10
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Smart contract NFT internal security audit #131

Closed

3 of 10 tasks

sydhds opened this issue Nov 20, 2023 · 0 comments · Fixed by #132

Closed

3 of 10 tasks

Smart contract NFT internal security audit #131

sydhds opened this issue Nov 20, 2023 · 0 comments · Fixed by #132

Comments

Copy link

sydhds commented Nov 20, 2023 •

edited by Ben-Rey

Loading

Following the internal audit described here,

The following report has been written with few recommendations:

https://www.notion.so/massa-innoteam/FT-NFT-Contract-Audit-comments-0dd27b501ce44fcf9fbe131a7b6ebb8e?pvs=4#065acfb0b6bc4eba9e1a7070c8eb4636

Recommendations

Code Coverage and Testing

Enable coverage automatically in as-pect.config.js.
Enable coverage checks in the Continuous Integration (CI) pipeline.
Update coverage to 100% in NFT.ts and NFT-internals.ts.
Add npm audit to the CI pipeline to regularly check for package vulnerabilities.

Code Security and Best Practices

In NFT-internals.ts, _increment: Check for u64 overflow.
In NFT-internals.ts, _updateBalanceOf: Check for u64 overflow and reset.
In NFT-internals.ts, _isTokenOwner: Revise the comment about memory.compare to clarify that the comparison is of byte contents, not pointers.
In NFT-internals.ts, _setApprovalForAll: Store boolean values instead of strings (e.g., "true").
In wrapper.spec.ts: Use assert to ensure that all return values are checked.

Dependencies Update

Update the "semver" package as recommended by npm audit.

The text was updated successfully, but these errors were encountered:

All reactions

Ben-Rey linked a pull request

that will close this issue

131 smart contract nft internal security audit #132

Merged

Ben-Rey closed this as completed in #132

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging a pull request may close this issue.

131 smart contract nft internal security audit massalabs/massa-standards

1 participant

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.