Question about CEI Pattern and Event Emission in Smart Contracts

[M3dython]

Hi everyone,

I'm currently studying Smart Contract Security, specifically the lesson 21. Recon Continued (again) from the course. Patrick mentioned that functions should follow the Check-Effects-Interaction (CEI) pattern. However, I’ve encountered a potential issue when applying this in the following scenario:

The function I’m working with is designed to lock tokens in a vault and emit a Deposit event, which triggers an L2 minting process. Off-chain services are listening for this event and will mint the corresponding tokens on L2. Patrick said that the function should strictly follow the CEI pattern, where the emit happens before the actual transfer (using safeTransferFrom). Here’s the code snippet:

/**
 * @notice Locks tokens in the vault and emits a Deposit event
 * The unlock event will trigger the L2 minting process. There are nodes listening
 * for this event and will mint the corresponding tokens on L2. This is a centralized process.
 * 
 * @param from The address of the user who is depositing tokens
 * @param l2Recipient The address of the user who will receive the tokens on L2
 * @param amount The amount of tokens to deposit
 */
function depositTokensToL2(address from, address l2Recipient, uint256 amount) external whenNotPaused {
    if (token.balanceOf(address(vault)) + amount > DEPOSIT_LIMIT) {
        revert L1BossBridge__DepositLimitReached();
    }
    token.safeTransferFrom(from, address(vault), amount);

    // Our off-chain service picks up this event and mints the corresponding tokens on L2
    // @audit should follow CEI pattern
    emit Deposit(from, l2Recipient, amount);
}

However, my concern is that emitting the Deposit event before calling safeTransferFrom could be potentially problematic.

The issue is that by emitting the Deposit event before the transfer, there’s a risk that someone listening to this event (on L2, for example) could mint tokens there without the actual transfer being successful on L1. If the transfer later fails or is reverted, the event has already been emitted, leading to a potential inconsistency between the layers.

My question is:
Wouldn't it be dangerous to emit the event before ensuring the success of the transfer? By emitting it early, isn’t there a chance that listeners (such as L2 nodes) could mint tokens based on the event even if the transfer fails, causing discrepancies between the layers?

I'm trying to follow best practices but want to make sure I’m not missing anything. Any insights or suggestions on how to handle this would be greatly appreciated!

Thanks!

[EngrPips]

Yeah CEI is an industry standard that should always be followed but if your situation requires otherwise then do so as long as you are sure of what you are doing and you know why you are doing it.