Pixel Race Club

Code Audit

A decentralized, NFT-powered PvP racing platform where players customize voxel cars, bet on-chain, and battle for leaderboard glory, Pixel Race Club brings retro kart action to Blast L2.

Audit Report

Severity Issues

  • Critical / High: 0
  • Informational: 6
  • Medium: 1
  • Low: 2

Audit Period: 0.4 PW

Report

Introduction

Pixel Race Club is an online multiplayer kart racing game on Abstract, designed with voxel graphics. The game emphasizes social interaction and competitive racing, and offers holders of PRC-related NFTs exclusive benefits that give them strategic advantages during races.

Why Did They Need an Audit?

Pixel Race Club sought a security audit to ensure the integrity and safety of their NFT minting and management functions. Due to the potential financial impact of errors in minting logic and access control, as well as the upgradable nature of their contracts, the project required a comprehensive security review to detect potential vulnerabilities and safeguard user assets.

Scope of the Engagement

What Was Audited?

The audit focused on the Pixel Race Club system, covering 3 Solidity files with a total of 186 nSLOC. The key components examined included:

  1. PRCSR - Main contract handling minting and NFT management.
  2. IPRCSR - Interface for minting functions.
  3. UUPSProxy - Manages upgradability of the PRCSR contract.

Key Objectives:

  • Detect vulnerabilities in the minting process, especially regarding reentrancy and supply limits.
  • Assess access control mechanisms and identify risks associated with admin roles.
  • Ensure upgradability logic does not introduce security flaws.
  • Verify correct handling of payments and refunds during minting.

Audit Date: 2025-04-29

Language: Solidity

Type: Code Audit

Results and Findings

Key Medium Issue: Missing Reentrancy Lock in Minting Functions

  • Description: The safeMintBatch and safeMintArray functions lacked a reentrancy lock, allowing attackers to bypass the NFT supply limit.
  • Resolution: Added the nonReentrant modifier to the affected functions to ensure that reentrant calls are blocked.
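
The following sketch is an added example, not the audited PRCSR source, showing one way a batch mint without a reentrancy lock can exceed a supply cap and how `nonReentrant` closes it. The contract name, `MAX_SUPPLY`, `nextTokenId`, the function signatures, the absence of payment and access control, and the use of OpenZeppelin Contracts v5 are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Hypothetical sketch for illustration; not the audited PRCSR source.
contract MintCapSketch is ERC721, ReentrancyGuard {
    uint256 public constant MAX_SUPPLY = 10; // assumed cap, small for clarity
    uint256 public nextTokenId;              // number of tokens minted so far

    constructor() ERC721("MintCapSketch", "MCS") {}

    // BEFORE (assumed shape of the bug): the cap is checked once per call,
    // then each _safeMint invokes onERC721Received on a contract recipient.
    // A nested call made from that callback is checked against a counter
    // that does not yet include the rest of the outer batch, so both
    // batches complete. With the cap at 10, an outer batch of 6 whose first
    // callback mints 6 more leaves 12 tokens in existence.
    function safeMintBatchUnguarded(address to, uint256 quantity) external {
        require(nextTokenId + quantity <= MAX_SUPPLY, "cap exceeded");
        for (uint256 i = 0; i < quantity; i++) {
            _safeMint(to, nextTokenId++); // external call inside the loop
        }
    }

    // AFTER: nonReentrant (the resolution named in the report) makes any
    // nested call revert. Reserving the whole id range before the first
    // external call is an extra step added here, not taken from the report.
    function safeMintBatch(address to, uint256 quantity) external nonReentrant {
        require(nextTokenId + quantity <= MAX_SUPPLY, "cap exceeded");
        uint256 firstId = nextTokenId;
        nextTokenId = firstId + quantity; // effects before interactions
        for (uint256 i = 0; i < quantity; i++) {
            _safeMint(to, firstId + i);
        }
    }
}
```

Because the report describes the contract as upgradeable behind a UUPS proxy, a deployed version would use the upgradeable variant of the guard from OpenZeppelin's upgradeable package rather than the plain `ReentrancyGuard` assumed here.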

Notable Low-Severity Issues:

  • Zero-Address Check Missing: Several functions did not validate against zero addresses, potentially causing errors.
  • Missing Refund Mechanism: Overpayment during public and whitelist minting was not refunded.

In conclusion

Three Sigma's audit of Pixel Race Club identified and addressed several critical areas, including minting logic and access control. By resolving the issues related to reentrancy and implementing more robust input validation, the protocol now offers enhanced security for its users. These improvements reduce risks associated with minting and upgradability, fostering a more reliable gaming experience.
