NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Lack of Event Emission in setStarklaneL2Address Function

Summary

The setStarklaneL2Address function allows the contract owner to set the _starklaneL2Address variable, which is presumably critical for the contract's functionality. However, the function does not emit an event when this address is set, reducing the transparency and traceability of this important operation.

Vulnerability Details

The setStarklaneL2Address function modifies the _starklaneL2Address state variable without emitting an event. In smart contracts, events serve as an important logging mechanism that allows off-chain systems and users to track changes in contract state. Without an event, changes to _starklaneL2Address are not easily detectable by external observers, which can lead to a lack of visibility into key contract operations.

Impact

Transparency: The lack of an event reduces the transparency of changes to the _starklaneL2Address, making it difficult for external systems and stakeholders to track and verify when this critical address is updated.

Off-Chain Monitoring: Off-chain services and monitoring tools that rely on events to detect changes in contract state will miss updates to the _starklaneL2Address, potentially leading to incorrect or outdated information being used in decision-making processes.

Tools Used

Manual Code Review: The issue was identified through a manual review of the smart contract code, focusing on the presence or absence of event emissions for key state changes.

Recommendations

To enhance transparency and enable effective off-chain monitoring, it is recommended to emit an event whenever the _starklaneL2Address is updated. This event should include the new address to allow external observers to track the change.
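
One way to implement this recommendation, shown as an added example that is not the NFTBridge contract's own code. The uint256 type for the L2 address, the minimal owner check and the event name StarklaneL2AddressSet are assumptions; the event also carries the previous value and the caller, which goes slightly beyond the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the NFTBridge source. Assumptions: the L2 address
// is stored as a uint256 and access control is a simple owner check.
contract StarklaneL2AddressExample {
    address private immutable _owner;
    uint256 private _starklaneL2Address;

    // Hypothetical event name. Carries the new value, as recommended, plus
    // the previous value and the caller so a monitor sees the whole change.
    event StarklaneL2AddressSet(
        uint256 indexed previousL2Address,
        uint256 indexed newL2Address,
        address indexed setBy
    );

    modifier onlyOwner() {
        require(msg.sender == _owner, "not owner");
        _;
    }

    constructor() {
        _owner = msg.sender;
    }

    // Before: the state change is silent.
    // function setStarklaneL2Address(uint256 l2Address) external onlyOwner {
    //     _starklaneL2Address = l2Address;
    // }

    // After: the same write, followed by an event emission.
    function setStarklaneL2Address(uint256 l2Address) external onlyOwner {
        uint256 previous = _starklaneL2Address;
        _starklaneL2Address = l2Address;
        emit StarklaneL2AddressSet(previous, l2Address, msg.sender);
    }

    // Read accessor so the stored value can be checked against the last event.
    function starklaneL2Address() external view returns (uint256) {
        return _starklaneL2Address;
    }
}
```

Indexing the previous and new values lets an off-chain monitor filter logs for a specific L2 address rather than decoding every emission.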

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
