Missing Events For Critical Functions
Summary
Critical and key functions are missing events.
Vulnerability Details
There are functions that are missing events, some of these include onlyOwner functions, state changing functions that change parameters. It is critical for offchain monitoring, tooling, user heads up, best practise to emit events for key functionality and actions in a project.
Staking.sol
Line 38 deposit(..) function
Line 46 withdraw(..) function
Line 53 claim(..) function
Lender.sol
Line 84 setLenderFee(..) function
Line 92 setBorrowerFee(..) function
Line 100 setReceiverFee(...)
Fees.sol
Line 26 sellProfits(...)
Impact
Informational: It is very important to keep track of the key aspects of the protocol e.g setting borrower and lender fee, fee Receiver address etc. Without events the system is not ideal at reporting real time its activities or not ideal at alerting users and other stakeholders e.g security
Tools Used
Manual Analysis
Recommendations
It is recommended that all critical functions emit appropriate and unique and or relevant events. This is especially critical for onlyOwner or admin controlled functions that change parameters of system. For example setLenderFee() when called if it emits event will alert potential and existing lenders that fees have changed
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.