First Flight #7: Horse Store

First Flight #7

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

`TRANSFER_FROM()` function lacks the emission of a Transfer event, hindering external systems' ability to track token transfers

0xVinylDavyl

Summary

The TRANSFER_FROM() function lacks the emission of a Transfer event, hindering external systems' ability to track token transfers. Including event emission enhances transparency and provides crucial information about token movements.

Impact

The absence of event emission in TRANSFER_FROM() limits the visibility of token transfers, potentially affecting external applications relying on Transfer events to monitor and react to token movements.

Vulnerability Details

POC

// In the HorseStore.huff file

// Original existing code snippet in TRANSFER_FROM()

#define macro TRANSFER_FROM() = takes (0) returns (0) {

// Setup the stack for the transfer function.

0x44 calldataload // [tokenId]

0x24 calldataload // [to, tokenId]

0x04 calldataload // [from, to, tokenId]

// Accounting Logic

TRANSFER_TAKE_FROM() // [from, to, tokenId]

TRANSFER_GIVE_TO() // [from, to, tokenId]

// Emit the transfer event (missing in original code)

// __EVENT_HASH(Transfer) // [sig,from, to, tokenId]

// 0x20 0x00 log4 // []

// Stop execution

stop

}

Tools Used

Manual code analysis

Recommendations

To address the lack of event emission in TRANSFER_FROM(), include the appropriate event emission logic to ensure that external systems receive notifications about token transfers.

This modification enhances the transparency and traceability of token movements, improving the overall functionality and interoperability of the smart contract. Regularly emitting events is a best practice for smart contract development and helps maintain a consistent and reliable system for external observers.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

460

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.