The function depositEggToVault
allows a user to deposit an NFT (Egg) into the vault by calling eggNFT.transferFrom
to transfer the NFT from the user to the vault and subsequently calling the depositEgg
function on the vault. However, the function does not emit any event to signal that the deposit has taken place. Additionally, it does not prevent the possibility of a user attempting to deposit the same NFT more than once. This could lead to potential issues in tracking the state of deposits and duplicated actions on the same NFT.
The depositEggToVault
function allows users to deposit NFTs into the vault but does not emit any events to signal the successful deposit. Additionally, there is no check to prevent the same NFT from being deposited multiple times, which may lead to inconsistent state tracking within the vault.
Here is the vulnerable function:
Impact
Lack of Event Emission: Users are unable to track successful deposits, leading to a lack of transparency.
Duplicate Deposits: Users can deposit the same NFT multiple times, causing incorrect state tracking in the vault and potential security issues..
Manual review
Emit an Event: Add an event to the depositEggToVault function to notify when a successful deposit occurs.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.