We are building a "gas bad" marketplace. An NFT marketplace, but we are going for a gas optimized version.
To do this, we are writing 2 types of smart contracts:
- Reference contracts in solidity
- Optimized contracts in solidity / assembly
We will be deploying GasBadNftMarketplace.sol
to the Ethereum mainnet, but are using NftMarketplace.sol
as a reference point.
- Gas Bad NFT Marketplace
- Gas Bad NFT Marketplace
- About
- Getting Started
- Usage
- Audit Scope Details
- Roles
- Known Issues
We are building a "gas bad" marketplace. An NFT marketplace, but we are going for a gas optimized version.
To do this, we are writing 2 types of smart contracts:
- Reference contracts in solidity
- Optimized contracts in solidity / assembly
We will be deploying GasBadNftMarketplace.sol
to the Ethereum mainnet, but are using NftMarketplace.sol
as a reference point.
- git
- You'll know you did it right if you can run
git --version
and you see a response likegit version x.x.x
- You'll know you did it right if you can run
- foundry
- You'll know you did it right if you can run
forge --version
and you see a response likeforge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)
- You'll know you did it right if you can run
- certoraRun cli
- You'll know you did it right if you can run
certoraRun --version
and you see a response likecertora-cli 6.1.4
- You'll also need a certora environment variable named
CERTORAKEY
- You may need python and
pip
installed to install the certora cli
- You'll know you did it right if you can run
git clone https://github.com/Cyfrin/12-gas-bad-nft-marketplace-audit
cd 12-gas-bad-nft-marketplace-audit
make
After installing the Certora CLI, you'll need to set up your environment variables. The instructions here only work for linux/macOs/windows WSL.
export CERTORAKEY=<personal_access_key>
or, you can ruh:
source .env.example
You can check if the environment variable is set by running:
echo $CERTORAKEY
In this repo, we will be heavily relying on Certora to make sure our codebase is good! We have the following specs:
GasBadNft.spec
: For formally verifying theGasBadNftContract.sol
NftMock.spec
: For showcasing some cool Certora functionality 😊
The two main commands to run the specs, respectively are:
make certora
make certoraNft
See the Makefile
for more details.
forge test
forge coverage
and for coverage based testing:
forge coverage --report debug
- Commit Hash:
- In Scope:
- Solc Version: 0.8.20
- Chain(s) to deploy contract to:
- Ethereum
- Tokens:
- None
- Buyer: Someone who buys an NFT from the marketplace
- Seller: Someone who sells and NFT on the marketplace
- The seller can front-run a bought NFT and cancel the listing
- The seller can front-run a bought NFT and update the listing
- We should emit an event for withdrawing proceeds
- There are MEV/Front Running issues all over the place