Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: medium
Invalid

`TRANSFER_FROM()` function lacks the emission of a Transfer event, hindering external systems' ability to track token transfers

Summary

The TRANSFER_FROM() function lacks the emission of a Transfer event, hindering external systems' ability to track token transfers. Including event emission enhances transparency and provides crucial information about token movements.

Impact

The absence of event emission in TRANSFER_FROM() limits the visibility of token transfers, potentially affecting external applications relying on Transfer events to monitor and react to token movements.

Vulnerability Details

POC

// In the HorseStore.huff file
// Original existing code snippet in TRANSFER_FROM()
#define macro TRANSFER_FROM() = takes (0) returns (0) {
// Setup the stack for the transfer function.
0x44 calldataload // [tokenId]
0x24 calldataload // [to, tokenId]
0x04 calldataload // [from, to, tokenId]
// Accounting Logic
TRANSFER_TAKE_FROM() // [from, to, tokenId]
TRANSFER_GIVE_TO() // [from, to, tokenId]
// Emit the transfer event (missing in original code)
// __EVENT_HASH(Transfer) // [sig,from, to, tokenId]
// 0x20 0x00 log4 // []
// Stop execution
stop
}

Tools Used

  • Manual code analysis

Recommendations

To address the lack of event emission in TRANSFER_FROM(), include the appropriate event emission logic to ensure that external systems receive notifications about token transfers.

This modification enhances the transparency and traceability of token movements, improving the overall functionality and interoperability of the smart contract. Regularly emitting events is a best practice for smart contract development and helps maintain a consistent and reliable system for external observers.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.