Missing Event Emission in NFT Minting Function
Summary
The mintEgg function in the EggstravaganzaNFT contract modifies state by minting a new token and incrementing totalSupply, but doesn't emit a custom event to track these changes.
Vulnerability Details
When a new egg NFT is minted via the mintEgg function, two state changes occur:
A new token is minted to the recipient via
_mint(to, tokenId)The
totalSupplycounter is incremented
While the standard ERC721 Transfer event is emitted by the internal _mint function (from the zero address to the recipient), there is no custom event that captures the full context of the minting operation, particularly the totalSupply update.
Impact
Low impact (transparency and tracking issue). This doesn't affect the security or functionality of the contract directly, but it does reduce visibility and make it more difficult for off-chain systems to:
Track the total supply accurately without syncing the entire blockchain
Monitor and audit minting activities specific to this contract
Distinguish between normal transfers and new mint operations
Tools Used
Manual code review
Recommendations
Emit a custom event when eggs are minted to provide better visibility:
This custom event provides important context that the standard ERC721 Transfer event doesn't capture, including the new total supply and making it clear this was a mint operation rather than a transfer.
Lead Judging Commences
Event Emission
Standard practice for clarifying important contract behaviors
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.