# PXN Smart Contract Code Review

By [kenryu](https://paragraph.com/@kenryu) · 2022-05-10

---

> ### Deployed Contract:
> 
> [https://etherscan.io/address/0x160C404B2b49CBC3240055CEaEE026df1e8497A0#code](https://etherscan.io/address/0x160C404B2b49CBC3240055CEaEE026df1e8497A0#code)

Check Item
----------

*   **Reentrancy** 🟢
    
    No severity issues were found.
    
*   **Ownership Takeover** 🟢
    
    No severity issues were found.
    
*   **Timestamp Dependence 🟡**
    
    Although there is a signature validation on the **mintDutchAuction** function, the timestamp of the block can be manipulated by the miner to [exploit the vulnerability](https://immunebytes.com/time-dependency-in-smart-contracts/).
    
    Line: # 121 - 178
    
        function mintDutchAuction(uint8 quantity, bytes calldata signature)
          public
          payable
          callerIsUser
        {
          .
          .
          require(
                    block.timestamp >= DA_STARTING_TIMESTAMP,
                    "DA has not started!"
          );
        
    
*   **Dos with (Unexpected) Revert 🟢**
    
    No severity issues were found.
    
*   **Contract Interaction 🟢**
    
    No severity issues
    

Non severity Issues
-------------------

*   **_mintWL_**, **_mintDutchAuction_**, **_teamMint_** and **_withdrawFunds_** should be external functions because they are only called externally.
    
*   **_transfer()_** in withdrawFunds function should be [avoided](https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/).
    

Conclusion
----------

Overall the contract should be good and there are no critical severity issues were found.

---

*Originally published on [kenryu](https://paragraph.com/@kenryu/pxn-smart-contract-code-review)*