Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Uninitialized EggVault NFT Reference

Summary

  • Several critical state changes in the contracts (e.g., setEggFindThreshold, setGameContract, setEggNFT) do not emit events, reducing transparency and making it harder to track configuration changes off-chain.

Vulnerability Details

  • Examples:

  1. EggHuntGame.setEggFindThreshold changes the egg-finding probability but emits no event.

  2. EggstravaganzaNFT.setGameContract sets the authorized minter but lacks an event.

  3. EggVault.setEggNFT configures the NFT contract without an event.

  • Without events, external systems (e.g., frontends, auditors) cannot easily monitor these changes.

Impact

  • Reduced transparency could hide malicious or erroneous configuration changes by the owner, affecting trust in the system.

  • Off-chain applications may fail to reflect the current state accurately.

Tools Used

  • Manual code review.

  • Best practices for event logging in Solidity.

Recommendations

  • Add events for all significant state changes:

```solidity
// EggHuntGame
event EggFindThresholdUpdated(uint256 newThreshold);

function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
    require(newThreshold <= 100, "Threshold must be <= 100");
    eggFindThreshold = newThreshold;
    emit EggFindThresholdUpdated(newThreshold);
}

// EggstravaganzaNFT
event GameContractUpdated(address newGameContract);

function setGameContract(address _gameContract) external onlyOwner {
    require(_gameContract != address(0), "Invalid game contract address");
    gameContract = _gameContract;
    emit GameContractUpdated(_gameContract);
}
```
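An added example, not part of the submission or the contest code: a small Python heuristic that flags owner-only functions which assign a value but emit no event, the pattern this finding describes. The Solidity sample is constructed, `silent_setters` and `function_body` are hypothetical names, and the check matches text with regular expressions rather than parsing Solidity.

```python
import re

# Constructed sample modelled on the finding: the first setter has no event,
# the second follows the recommendation. Not the contest's actual source.
SAMPLE = '''
contract EggHuntGame {
    event GameContractUpdated(address newGameContract);
    function setEggFindThreshold(uint256 newThreshold) external onlyOwner {
        require(newThreshold <= 100, "Threshold must be <= 100");
        eggFindThreshold = newThreshold;
    }
    function setGameContract(address _gameContract) external onlyOwner {
        require(_gameContract != address(0), "Invalid game contract address");
        gameContract = _gameContract;
        emit GameContractUpdated(_gameContract);
    }
    function getThreshold() external view returns (uint256) {
        return eggFindThreshold;
    }
}
'''

FUNC_RE = re.compile(r'\bfunction\s+(\w+)\s*\([^)]*\)([^{;]*)\{')
ASSIGN_RE = re.compile(r'(?<![=!<>])=(?!=)')  # "=", "+=", ... but not ==, !=, <=, >=
EMIT_RE = re.compile(r'\bemit\s+\w+\s*\(')

def function_body(src, open_idx):
    """Text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def silent_setters(src, modifier="onlyOwner"):
    """Functions guarded by `modifier` that assign a value but never emit."""
    src = re.sub(r'/\*.*?\*/|//[^\n]*', '', src, flags=re.S)  # drop comments
    found = []
    for m in FUNC_RE.finditer(src):
        name, header = m.group(1), m.group(2)
        if not re.search(r'\b' + re.escape(modifier) + r'\b', header):
            continue  # not an owner-only function
        body = function_body(src, m.end() - 1)
        if ASSIGN_RE.search(body) and not EMIT_RE.search(body):
            found.append(name)
    return found
```

Because comments are stripped before matching, a commented-out `emit` still counts as missing.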
Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Event Emission

Standard practice for clarifying important contract behaviors
