NFT Dealers

First Flight #58

Beginner FriendlyFoundry

100 EXP

View all submissions

Previous Next

Submission Details

Impact: low

Likelihood: low

[L-4] Events Missing indexed Fields

Author Revealed upon completion

Root + Impact

Description

Several events emit values that off-chain tools (indexers, subgraphs, frontends) would want to filter by, but the fields are not indexed. Non-indexed fields cannot be used as filter topics in eth_getLogs queries, forcing off-chain tools to download and scan all events rather than filtering at the RPC level.

// src/NFTDealers.sol:16-20

@> event NFT_Dealers_Listed(address indexed listedBy, uint256 listingId); // listingId not indexed

@> event NFT_Dealers_ListingCanceled(uint256 listingId); // listingId not indexed

@> event NFT_Dealers_Sold(address indexed soldTo, uint256 price); // price not indexed

@> event NFT_Dealers_Price_Updated(uint256 indexed listingId, uint256 oldPrice, uint256 newPrice); // newPrice not indexed

@> event NFT_Dealers_Fees_Withdrawn(uint256 amount); // amount not indexed

Risk

Likelihood:

Events still emit correctly; this is a gas vs. query-efficiency trade-off.
Impact grows as the number of events increases, and off-chain tools need fine-grained filtering.

Impact:

Off-chain tools incur unnecessary RPC load; no on-chain impact.

Proof of Concept

// Without indexed listingId, this filter returns ALL Listed events:

// eth_getLogs({ topics: [keccak256("NFT_Dealers_Listed(address,uint256)")] })

// — cannot filter by listingId at the RPC level

Recommended Mitigation

Add indexed to the fields most likely to be used as filters by off-chain consumers.

-event NFT_Dealers_Listed(address indexed listedBy, uint256 listingId);

+event NFT_Dealers_Listed(address indexed listedBy, uint256 indexed listingId);

-event NFT_Dealers_ListingCanceled(uint256 listingId);

+event NFT_Dealers_ListingCanceled(uint256 indexed listingId);

-event NFT_Dealers_Sold(address indexed soldTo, uint256 price);

+event NFT_Dealers_Sold(address indexed soldTo, uint256 indexed price);

Rewards breakdown

nSLOC

253

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!