Events can capture more information
Summary
Events can be augmented by capturing more critical information
Vulnerability Details
Events are missing some information that can enhance them
Impact
Informational: Events are critical for offchain tooling, front ends, monitoring, analytics etc. It is critical that events give as much crucial information as possible.
For example, Consider that the Factory is not storing list of created Escrows and the event
line 10 IEscrowFactory.sol -> event EscrowCreated(address indexed escrowAddress, address indexed buyer, address indexed seller, address arbiter); becomes a key offchain tool to see the Escrows as they are created. However the event does not give all the critical detail of the Escrow like the price
Another example is that in line 117 Escrow.sol when event Resolved is emitted it lacks the arbiter details. It is a key part of this event as the buyer and seller are recorded
Tools Used
Manual Analysis
Recommendations
-
Add price to EscrowCreated event
event EscrowCreated(address indexed escrowAddress, address indexed buyer, address indexed seller, address arbiter, uint256 price); -
event Confirmed can take a string description or code category or rating by buyer
event Confirmed(address indexed seller, string description);
For example although buyer accepts job, they can add a rating that is then saved in events (optionally onchain too), this can help in future disputes if for example after 3 jobs with rating falling it may make sense to arbitrator to see onchain quality was falling hence dispute from buyer
3.event Disputed(address indexed disputer, string description);
Again like above, event Disputed can take a string description or code category of dispute
event Resolved(address indexed buyer, address indexed seller); is missing the arbiter
Change to -> event Resolved(address indexed buyer, address indexed seller, address indexed arbiter);
It is recommended that events especially if data or information is not stored onchain that the event capture as much critical information as possible. Ensure all events are appropriate in information they emit.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.