Lack of event emission in setEggFindThreshold hides critical game logic changes
Description:
The function EggHuntGame::setEggFindThreshold allows the contract owner to change the probability that a player finds an egg in searchForEgg(). This parameter directly influences the distribution of rewards (NFTs) in the game.
However, this update is performed silently: no event is emitted, and the change is only visible by calling the contract state manually. This creates a transparency issue where users, auditors, bots, and other contracts cannot detect when or how the threshold is modified.
Since this change affects gameplay and can be performed unilaterally by the owner, it should be publicly traceable. Otherwise, the owner could manipulate the outcome probabilities without users being aware (e.g., reduce to 0% or increase to 100% without notice).
Even if the frontend reflects the updated value, relying on off-chain sources undermines the trustless nature of the system.
Impact:
Users have no visibility into changes in win probability.
The threshold can be silently modified in favor of specific users or events.
This weakens fairness and verifiability of the game logic.
Reduces auditability and trust in a blockchain-based reward mechanism.
Tools Used
Manual review, Foundry
Recommended Mitigation:
Lead Judging Commences
Event Emission
Standard practice for clarifying important contract behaviors
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.