Eggstravaganza

Summary

The setEggNFT function allows the contract owner to set the address of the EggstravaganzaNFT contract. However, this function does not emit an event upon successful execution, making it harder to track this critical state change off-chain.

Vulnerability Details

The setEggNFT function updates the eggNFT state variable, which holds the address of the NFT contract that the vault interacts with. This is a critical parameter for the vault's operation. Best practices dictate that functions modifying important state variables should emit events. This allows external listeners (like user interfaces, monitoring tools, or other contracts) to easily subscribe to and react to these changes without needing to constantly query the contract's state.

The current implementation lacks such an event:

Impact

Without an event, tracking changes to the eggNFT address becomes less transparent and more cumbersome. Off-chain applications or users monitoring the vault might not be immediately aware of an update to the NFT contract address, potentially leading them to operate with outdated information or requiring inefficient polling mechanisms to detect changes. While the owner is trusted, emitting events enhances transparency and observability.

Tools Used

Manual Review

Recommendations

Emit an event within the setEggNFT function to signal the change in the NFT contract address.

1. Define a new event, for example:

   event EggNFTAddressSet(address indexed newEggNFTAddress);

2. Emit this event within the setEggNFT function after the update:

   function setEggNFT(address _eggNFTAddress) external onlyOwner {

   require(_eggNFTAddress != address(0), "Invalid NFT address");

   eggNFT = EggstravaganzaNFT(_eggNFTAddress);

   emit EggNFTAddressSet(_eggNFTAddress); // Add this line

   }