ArkProject: NFT Bridge

Summary

The enableBridge function in the smart contract allows the contract owner to enable or disable a specific feature by setting the _enabled state variable. However, the function does not emit an event when this change occurs, which can lead to transparency issues and hinder off-chain monitoring.

Vulnerability Details

The enableBridge function allows the contract owner to change the state of the _enabled variable without emitting an event. In smart contracts, events are critical for logging state changes that off-chain services, such as user interfaces or monitoring systems, rely on to track contract behavior. Without an event, there is no easy way for external systems to be notified of the change, which can lead to confusion or missed updates.

Impact

Transparency: The lack of event emission reduces the transparency of the contract's state changes, making it difficult for users and external systems to track when the bridge is enabled or disabled.

Off-Chain Monitoring: Off-chain services that rely on event logs to monitor contract activity will not be able to detect changes in the _enabled state, potentially leading to incorrect assumptions or missed actions.

Tools Used

Manual Code Review: The absence of event emission was identified through a manual review of the smart contract's code.

Recommendations

To improve transparency and enable effective off-chain monitoring, it is recommended to emit an event whenever the _enabled state is changed. This can be done by defining an event and emitting it within the enableBridge function.