# 59411 sc insight inconsistency in migratetokenmanager in terms of the permitted caller * **Submitted on:** Nov 12th 2025 at 05:41:45 UTC by @Oxodus for [Audit Comp | Vechain | Stargate Hayabusa](https://immunefi.com/audit-competition/audit-comp-vechain-stargate-hayabusa) * **Report ID:** #59411 * **Report Type:** Smart Contract * **Report severity:** Insight * **Target:** ## Description ### Brief / Intro There is an inconsistency between the NatSpec in `IStargateNFT` and the `StargateNFT` implementation regarding who is allowed to call the `migrateTokenManager` function. * `IStargateNFT` states that "this function is only callable by the DEFAULT\_ADMIN\_ROLE". * The implementation in `StargateNFT` instead restricts the call to `TOKEN_MANAGER_MIGRATOR_ROLE`: ```solidity function migrateTokenManager( uint256 _tokenId, address _manager ) external onlyRole(TOKEN_MANAGER_MIGRATOR_ROLE) { ... } ``` This mismatch between interface documentation and contract implementation can lead to confusion or incorrect assumptions about access control. ## References * Implementation: * Interface NatSpec: ## Proof of Concept No additional PoC provided. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://reports.immunefi.com/vechain-or-stargate-hayabusa/59411-sc-insight-inconsistency-in-migratetokenmanager-in-terms-of-the-permitted-caller.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.