Submission Details
Severity:
Event not emitting old value and new value
Summary
Events for critical changes need to emit detailed information like the new value and the old values
Vulnerability Details
function setPassword(string memory newPassword) external {
s_password = newPassword;
emit SetNetPassword();
}
When password is set, event does not give information of the old password and the newly applied password
Impact
This may have usability, monitoring, off-chain tooling problems, front end problems and even security. For example security tooling if password is changed to value not expected or not changed as expected it can be reacted upon
Tools Used
Manual Analysis
Recommendations
Event emit caller information
event SetNetPassword(address indexed caller, string oldPassword, string newPassword);
....
function setPassword(string memory newPassword) external {
string oldPassword = s_password;
s_password = newPassword;
emit SetNetPassword(msgs.sender, oldPassword, newPassword);
}
Updates
Lead Judging Commences
inallhonesty
about 2 years ago
aballok
about 2 years ago
inallhonesty
about 2 years ago
aballok
about 2 years ago
Rewards breakdown
nSLOC
20This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.