Introduction

This audit proposal provides an overview of a comprehensive technical audit of SwapMeet's inventory management system. The primary objective of this audit is to identify technical issues and vulnerabilities related to the mishandling of users' NFTs, specifically 'gears' and 'hustlers.' These issues are believed to be rooted in an indexer failure, leading to three critical challenges:

1. Inaccurate NFT Return (Gears and Hustlers) We are presently grappling with challenges pertaining to the return of NFTs, particularly gears and hustlers. It is strongly suspected that this predicament is rooted in an indexer malfunction.
2. Inability to Equip and Unequip Gears for Hustlers The incapability to equip and unequip gears for hustlers represents a crucial functional breakdown, which is likely interlinked with the aforementioned indexer predicament.
3. Failed Minting of Hustlers Although the customization of hustlers appears initially successful, the actual minting process on the blockchain fails. Curiously, the user interface continues to display the message "Minting successful. Your hustler will arrive within 15 mins," despite the hustler never materializing.

Additionally, there is an inconsistency in minting Hustler operations where success is intermittent, remains elusive.

Issues have been comprehensively documented in a video, accessible here: https://www.loom.com/share/cb8ade1556fe4f09b6b793b250b4c7d3

Objectives

The main objectives of this technical audit are as follows:

1. Identify and document all technical issues related to the mishandling of NFTs, including inaccurate NFT return (gears and hustlers), inconsistent hustler minting results, and the inability to equip and unequip gears for hustlers.
2. Assess the impact of these technical issues on the SwapMeet project's functionality and user experience.

Scope of work

The audit will employ a systematic methodology to achieve the defined objectives:

1. Code Review: A thorough review of the SwapMeet project's source code will be conducted to identify any coding errors, vulnerabilities, or discrepancy.
2. Indexer Assessment: The performance and reliability of the indexer responsible for handling NFT data will be scrutinized, including its integration with Alchemy. Any anomalies or errors in indexing data will be identified.
3. Smart Contract Analysis: The smart contracts governing NFT minting and related functionalities will be analyzed to uncover any issues in the minting process, including failures and inconsistent outcomes.
4. Front-end Assessment and potential fix implementation: Identifying issue and addressing the frontend problem that leads to an incorrect message during the hustler NFT minting, ensuring it is synchronized with the on-chain operation

Deliverables

Upon completion of the audit, the following deliverables will be provided:

1. Audit Report: A comprehensive report detailing all identified technical issues, their impact, and recommendations.
2. Possible Fix: Addressing the frontend problem that leads to an incorrect message during the hustler NFT minting, ensuring it is synchronized with the on-chain operation

Timeline

The audit timeline will be determined based on the complexity of the identified issues and the scope of necessary fixes. A preliminary estimate is as follows:

• Code Review and Indexer Assessment: Approximately 3 weeks
• Smart Contract Analysis: Approximately 2 weeks
• Front-end Examination: Approximately 1 week

Resource Allocation

The project will involve the allocation of the following resources:

• 1 Senior Full Stack- Blockchain Developer
• 1 Intermediate Backend- Blockchain Developer
• 1 Intermediate Fronted- Blockchain Developer
• 1 QA and Project Manager

Access Requirements

For the successful execution of this project, the team will necessitate the following access:

• Access to the live SwapMeet application for issue investigation and fix implementation, including server GCP access.
• Permissions to merge pull requests (PRs) in the GitHub repositories associated with SwapMeet. This is a critical requirement for code change commits and potential front-end fixes.
• Inclusion in the Alchemy team of Dopewars to aid in the investigation of event processing.

Cost Estimate

Given the scope of work and timeline outlined above, the total compensation for these tasks is estimated to be $15,650.

Conclusion

Kindly acknowledge that the provided estimates are subject to adjustments based on real time challenges encountered during the investigation and implementation phases. We pledge to furnish regular updates to the Dopewars DAO as the work progresses.

The Dopewars DAO is strongly encouraged to collaborate closely with the technical team to ensure the efficacious resolution of these issues and the enhancement of the inventory management system.

Sincerely,

Unix Labs