NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

The function set_l1_l2_collection_mapping in the contract does not emit an event after updating the L1-L2 collection mappings

Summary

The function set_l1_l2_collection_mapping in the contract does not emit an event after updating the L1-L2 collection mappings.

Vulnerability Details

The function below updates the mappings between L1 and L2 collections without emitting any event to signal this change.

fn set_l1_l2_collection_mapping(ref self: ContractState, collection_l1: EthAddress, collection_l2: ContractAddress) {
    // Admin-only entry point.
    ensure_is_admin(@self);
    // Both directions of the mapping are written; no event is emitted afterwards.
    self.l1_to_l2_addresses.write(collection_l1, collection_l2);
    self.l2_to_l1_addresses.write(collection_l2, collection_l1);
}

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L360C6-L364C10

An event should be emitted after the mappings are updated to provide an on-chain record of this state change.

Impact

External systems cannot easily track changes to L1-L2 collection mappings, which makes it harder to track the history of mapping changes.

Tools Used

Manual review

Recommendations

Implement an event emission at the end of the function.
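
The recommendation above, sketched as a minimal stand-alone Starknet contract. This is an added example, not code from the submission or from the Ark project: the contract name, the `IMappingAdmin` trait, the `CollectionMappingUpdated` event and the inline admin check (standing in for `ensure_is_admin`) are hypothetical, and it assumes Cairo 2.x syntax with `LegacyMap` storage.

```cairo
use starknet::{ContractAddress, EthAddress};

#[starknet::interface]
trait IMappingAdmin<T> {
    fn set_l1_l2_collection_mapping(ref self: T, collection_l1: EthAddress, collection_l2: ContractAddress);
}

#[starknet::contract]
mod bridge_sketch {
    use starknet::{ContractAddress, EthAddress, get_caller_address};

    #[storage]
    struct Storage {
        admin: ContractAddress,
        l1_to_l2_addresses: LegacyMap<EthAddress, ContractAddress>,
        l2_to_l1_addresses: LegacyMap<ContractAddress, EthAddress>,
    }

    #[event]
    #[derive(Drop, starknet::Event)]
    enum Event {
        CollectionMappingUpdated: CollectionMappingUpdated, // hypothetical event name
    }

    // Both addresses are keys so an indexer can filter by either side of the mapping.
    #[derive(Drop, starknet::Event)]
    struct CollectionMappingUpdated {
        #[key]
        collection_l1: EthAddress,
        #[key]
        collection_l2: ContractAddress,
    }

    #[constructor]
    fn constructor(ref self: ContractState, admin: ContractAddress) {
        self.admin.write(admin);
    }

    #[abi(embed_v0)]
    impl MappingAdmin of super::IMappingAdmin<ContractState> {
        fn set_l1_l2_collection_mapping(ref self: ContractState, collection_l1: EthAddress, collection_l2: ContractAddress) {
            // Stand-in for the project's ensure_is_admin helper.
            assert(get_caller_address() == self.admin.read(), 'Unauthorized');
            self.l1_to_l2_addresses.write(collection_l1, collection_l2);
            self.l2_to_l1_addresses.write(collection_l2, collection_l1);
            // Emit only after both writes so the log reflects the committed state.
            self.emit(CollectionMappingUpdated { collection_l1, collection_l2 });
        }
    }
}
```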

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
