Eggstravaganza

Summary:
The setEggFindThreshold() function allows the contract owner to update the egg-finding chance but does not emit an event upon making this change. Although this omission does not directly compromise security or functionality, it reduces transparency and makes it harder for auditors and users to track administrative changes over time.

Vulnerability Details:

• Location: EggHuntGame.sol, setEggFindThreshold() function (approximately line 33)

• Issue: When the owner updates the egg-finding chance via setEggFindThreshold(), the function modifies the eggFindThreshold variable without emitting an event to log this change.

Root Cause:
The developer did not include an event emission statement in the setEggFindThreshold() function. As a result, updates to this parameter are not recorded in the contract’s event logs, leading to reduced transparency in tracking administrative actions.

Impact:
While the lack of an event does not affect the core functionality or security of the contract, it makes it more challenging for external observers, auditors, and users to verify when and how often the egg-finding chance is modified. This omission can hinder accountability and obscure administrative changes that might be important for tracking the evolution of game parameters.

Tools Used:

Proof of Concept (PoC):

Recommended Mitigation:
Add an event emission within the setEggFindThreshold() function to log every update to the threshold. For example:

1. Declare the Event:

   event EggFindThresholdUpdated(uint256 newThreshold);

2. Modify the Function:

   function setEggFindThreshold(uint256 newThreshold) external onlyOwner {

   require(newThreshold <= 100, "Threshold must be <= 100");

   eggFindThreshold = newThreshold;

   emit EggFindThresholdUpdated(newThreshold);

   }