• Join Sherlock Discord
• Submit findings using the issue page in your private contest repo (label issues as med or high)
• Read for more details

Mainnet

LOOKS LINK indirectly as we need to pay for VRF WETH if ETH transfer fails

The contract itself is an ERC-721A collection

None

None

None

TRUSTED

TRUSTED

The only role is the owner and it can do 3 things

1. set/extend mint period
2. start the game after mint
3. withdraw funds from the contract if the game is bricked

None

Accepted Risks

maximumAmountMintedPerAddress can be bypassed. Agents can still be minted by the contract owner even after the mint period ends, as long as it is before the game begins. The maximumAmountMintedPerAddress restriction does not apply to this. Theoretically, the contract owner can wait for 36 hours after the mint period ends, not start the game, and withdraw everything (ETH and LOOKS) from the contract. In the case of extended periods of network congestion or any reason causing the randomness request not to be fulfilled, the contract owner is able to withdraw everything after approximately 36 hours. VRF provided randomness is trusted All active agent NFTs can be transferred at any point of time, so an active agent can be listed for sale on a marketplace and be bought even in the same block if it is in a transaction before the transaction that changes its state from active to another state. _mintERC2309 is called outside of contract creation, so the contract is non-compliant with the ERC721 standard.

None

We have a keeper bot that checks what the current block number is and calls startNewRound if needed

Yes they are acceptable

No

N/A

contracts-infiltration @ 90bd6af2da7b3df1c5fac6595128ab62cf989cca

• contracts-infiltration/contracts/Infiltration.sol
• contracts-infiltration/contracts/InfiltrationPeriphery.sol