ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing event emission in initialize() function

sabit

Summary

Event emission is missing in initialize() function.

Vulnerability Details

The initialize() function is setting up initial state variables and transferring ownership, but it's not emitting any events.

function initialize(
bytes calldata data
)
public
onlyInit
{
(
address owner,
IStarknetMessaging starknetCoreAddress,
uint256 starklaneL2Address,
uint256 starklaneL2Selector
) = abi.decode(
data,
(address, IStarknetMessaging, uint256, uint256)
);
_enabled = false;
_starknetCoreAddress = starknetCoreAddress;
_transferOwnership(owner);
setStarklaneL2Address(starklaneL2Address);
setStarklaneL2Selector(starklaneL2Selector);
}

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L44C3-L66C6

While this is not a bug in the strict sense, it's a missed opportunity to provide better transparency and allow for easier off-chain tracking of contract initialization.

Impact

Without events, it's harder for external observers to know when and how the contract was initialized. This can make it more difficult to audit the contract's lifecycle.

Tools Used

Manual review

Recommendations

Consider adding event emissions for significant state changes within the initialize function.

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.