The contract doesn't emit required ERC721 events such as Transfer and Approval. These events are crucial for off-chain applications to track token ownership and approvals.
Impact
The lack of standard events will break compatibility with most DApps, wallets, and indexers that rely on these events to track token ownership and transfers. This severely limits the usability and visibility of the tokens.
Proof of Concept
The _transfer function doesn't emit a Transfer event:
Lines of code
https://github.com/code-423n4/2024-08-superposition/blob/4528c9d2dbe1550d2660dac903a8246076044905/pkg/sol/OwnershipNFTs.sol#L109-L116
Vulnerability details
Vulnerability Details
The contract doesn't emit required ERC721 events such as Transfer and Approval. These events are crucial for off-chain applications to track token ownership and approvals.
Impact
The lack of standard events will break compatibility with most DApps, wallets, and indexers that rely on these events to track token ownership and transfers. This severely limits the usability and visibility of the tokens.
Proof of Concept
The
_transfer
function doesn't emit a Transfer event:Tools Used
Manual Review
Recommended Mitigation Steps
Emit the required events in all relevant functions:
Assessed type
ERC721