Having some spare time, I am learning web3 and smart contract. I am learning how to do some contract audit. Today, I am going to do PxN project, which is quite popular recently.

A. Basic Analysis

When doing a contract audit, 5 areas should be considered.

• Reentrancy - Safemint or nft transfer must be the last step in the function

  function teamMint(), mintDutchAuction(), mintWL() all are the last steps in the function ✅

• Ownership - Wrong permission put into public function of the contract

  The contract has already added Ownable interface. ✅

All of the set functions added onlyOwner modifier ✅

Withdraw functions added onlyOwner modifier ✅

• Timestamp Dependency - Mint time is set from the block time 😅

• DOS with Flow✅

  Refund -→ becareful the token cant be accepted, the refund cannot be proceeded.

  In PxN Contract, there is no refund activity

• Contract Interact ✅

B. Logical Analysis

Dutch Auction: funtion mintDutchAuction(), can only mint 2

Condition:

1. DA_ACTIVE must be true
2. Must be signed from dasigner , no direct minting
3. Must not > da supply
4. Check the block time > starttime and endtime
5. Allow to mint 2 max per address
6. check the condition if pay enough

WL mint: function mintWL(), can only mint 1

Condition

1. DA auction must be finished first
2. Must be signed from wlsigner, no direct minting
3. Check if it is over 6000
4. Check if there is doubleMiniting
5. Check the block time > starttime and end time
6. check the condition if pay enough

Dev Mint: function devMint()

The remaining supply will be minted by Owner

Team Mint: function teamMint()

Allow team player to mint

This is my analysis. The contract looks good to me. I hope this is helpful!