Submission Details
Severity: medium
Invalid

No Event Emission for Critical Actions – Lack of Logs Reduces Traceability and Hinders Auditing

Summary

The NFTFactory contract currently does not emit events when critical actions, namely minting and burning NFTs, are performed. This omission reduces the on-chain traceability of estate transactions, making it difficult to audit and monitor estate-related activities. The absence of these events can complicate off-chain monitoring and forensic analysis, increasing the risk of disputes or oversight in the inheritance process.


Vulnerability Details

  • Affected Functions:

    • createEstate(string memory description)

    • burnEstate(uint256 _id)

  • Issue Description:
    The contract performs essential operations (minting and burning of NFTs) without emitting events. Without event logs, external systems and auditors cannot reliably track when these actions occur, which is crucial for transparency in an inheritance management system.


Root Cause

The root cause is that the NFTFactory contract lacks event declarations and corresponding emit statements within the critical functions. This design oversight prevents the contract from logging the creation or destruction of NFTs, thereby reducing the observability of state changes.


Impact

  • Technical Impact:

    • Reduced transparency in the NFT lifecycle, complicating debugging and analysis of contract activity.

    • Difficulties in building off-chain services (like UIs, alerts, or monitoring tools) that rely on event logs to track NFT-related actions.

    • Increased risk in forensic investigations during any suspected fraudulent activity or inheritance dispute.


Tools Used


Mitigation

To mitigate this issue and improve traceability, implement the following changes:

  1. Define and Emit Events:

    • Declare events for NFT creation and burning at the top of the contract.

    • Modify the createEstate and burnEstate functions to emit these events.

  2. Sample Code Fix:

    // SPDX-License-Identifier: MIT
    pragma solidity 0.8.26;

    import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
    import {ERC721URIStorage} from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";

    contract NFTFactory is ERC721URIStorage {
        error NotInheritanceManager();

        uint256 counter = 0;
        address inheritanceManager;

        // --- Event Declarations ---
        event EstateCreated(uint256 indexed itemID, address indexed owner, string description);
        event EstateBurned(uint256 indexed itemID);

        constructor(address _inheritanceManager) ERC721("On Chain Estate", "OCE") {
            inheritanceManager = _inheritanceManager;
        }

        modifier onlyInheritanceManager() {
            if (msg.sender != inheritanceManager) {
                revert NotInheritanceManager();
            }
            _;
        }

        function createEstate(string memory description) external onlyInheritanceManager returns (uint256 itemID) {
            uint256 ID = _incrementCounter();
            _mint(msg.sender, ID);
            _setTokenURI(ID, description);
            emit EstateCreated(ID, msg.sender, description);
            return ID;
        }

        function burnEstate(uint256 _id) external onlyInheritanceManager {
            _burn(_id);
            emit EstateBurned(_id);
        }

        function _incrementCounter() internal returns (uint256) {
            return counter += 1;
        }
    }

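
A Foundry test that checks the sample fix above actually produces the two logs, added here as an example (it is not part of the original submission or the project's test suite). It assumes forge-std is installed and that the patched contract is at `src/NFTFactory.sol`; the test contract name, the labelled addresses and the description strings are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.26;

import {Test} from "forge-std/Test.sol";
// Assumed location of the patched contract; adjust to your repository layout.
import {NFTFactory} from "../src/NFTFactory.sol";

contract NFTFactoryEventsTest is Test {
    // Redeclared so the test can emit the log it expects to see.
    event EstateCreated(uint256 indexed itemID, address indexed owner, string description);
    event EstateBurned(uint256 indexed itemID);

    NFTFactory factory;
    address manager;

    function setUp() public {
        manager = makeAddr("inheritanceManager"); // constructed test address
        factory = new NFTFactory(manager);
    }

    function test_createEstate_emitsEstateCreated() public {
        // counter starts at 0 and is incremented before use, so the first ID is 1.
        vm.expectEmit(true, true, false, true, address(factory));
        emit EstateCreated(1, manager, "beach house");

        vm.prank(manager);
        assertEq(factory.createEstate("beach house"), 1);
    }

    function test_burnEstate_emitsEstateBurned() public {
        vm.prank(manager);
        uint256 id = factory.createEstate("beach house");

        vm.expectEmit(true, false, false, true, address(factory));
        emit EstateBurned(id);

        vm.prank(manager);
        factory.burnEstate(id);
    }

    function test_unauthorizedCaller_revertsBeforeAnyEvent() public {
        // A reverted call leaves no logs, so a rejected caller adds nothing to the audit trail.
        vm.expectRevert(NFTFactory.NotInheritanceManager.selector);
        vm.prank(makeAddr("stranger"));
        factory.createEstate("forged entry");
    }
}
```

Run it with `forge test --match-contract NFTFactoryEventsTest`.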
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
