Missing event emission in `EggstravaganzaNFT::setGameContract` function
Summary
The setGameContract function allows the contract owner to change the gameContract state variable, which designates the only address permitted to mint new Egg NFTs. However, this function does not emit an event upon successful execution.
Vulnerability Details
State-changing functions, especially those modifying critical authorization parameters like the designated minter address, should emit events. This allows off-chain monitoring tools, user interfaces, and other interested parties to track changes in the contract's state and configuration efficiently. The setGameContract function updates the gameContract variable but lacks an accompanying event emission.
Impact
The absence of an event makes it difficult for external systems and users to track changes to the authorized minter address. This lack of transparency can hinder monitoring efforts and potentially cause issues for applications or users relying on knowing the currently authorized game contract, as they might operate based on outdated information.
Tools Used
Manual Review
Recommendations
Emit an event within the setGameContract function to signal the change in the authorized minter address.
-
Define a new event, for example:
event GameContractSet(address indexed newGameContract); -
Emit this event within the
setGameContractfunction after the update:function setGameContract(address _gameContract) external onlyOwner {require(_gameContract != address(0), "Invalid game contract address");gameContract = _gameContract;emit GameContractSet(_gameContract); // Add this line}
Lead Judging Commences
Event Emission
Standard practice for clarifying important contract behaviors
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.