Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Event is missing indexed fields

larsson

Summary

The indexed fields for the event are missing.

Vulnerability Details

FILE : contracts/interfaces/strategy/gmx/IGMXVaultEvents.sol

8: event KeeperUpdated(address keeper, bool approval);

9: event TreasuryUpdated(address treasury);

10: event SwapRouterUpdated(address router);

11: event TroveUpdated(address trove);

12: event CallbackUpdated(address callback);

13: event FeePerSecondUpdated(uint256 feePerSecond);

14: event ParameterLimitsUpdated(

uint256 debtRatioStepThreshold,

uint256 debtRatioUpperLimit,

uint256 debtRatioLowerLimit,

int256 deltaUpperLimit,

int256 deltaLowerLimit

);

21: event MinSlippageUpdated(uint256 minSlippage);

22: event MinExecutionFeeUpdated(uint256 minExecutionFee);

25: event DepositCreated(

address indexed user,

address asset,

uint256 assetAmt

);

30: event DepositCompleted(

address indexed user,

uint256 shareAmt,

uint256 equityBefore,

uint256 equityAfter

);

38: event DepositFailed(bytes reason);

40: event WithdrawCreated(address indexed user, uint256 shareAmt);

41: event WithdrawCompleted(

address indexed user,

address token,

uint256 tokenAmt

);

47: event WithdrawFailed(bytes reason);

49: event RebalanceSuccess(

uint256 svTokenValueBefore,

uint256 svTokenValueAfter

);

53: event RebalanceOpen(

bytes reason,

uint256 svTokenValueBefore,

uint256 svTokenValueAfter

);

65: event EmergencyClose(

uint256 repayTokenAAmt,

uint256 repayTokenBAmt

);

69: event EmergencyWithdraw(

address indexed user,

uint256 sharesAmt,

address assetA,

uint256 assetAAmt,

address assetB,

uint256 assetBAmt

);

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/interfaces/strategy/gmx/IGMXVaultEvents.sol#L8-L34

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/interfaces/strategy/gmx/IGMXVaultEvents.sol#L38-L45

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/interfaces/strategy/gmx/IGMXVaultEvents.sol#L47-L57

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/interfaces/strategy/gmx/IGMXVaultEvents.sol#L65-L76

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXRebalance.sol#L18-L26

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXWithdraw.sol#L26-L31

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXWithdraw.sol#L33

FILE : contracts/strategy/gmx/GMXEmergency.sol

28: event EmergencyClose(

uint256 repayTokenAAmt,

uint256 repayTokenBAmt

);

32: event EmergencyWithdraw(

address indexed user,

uint256 sharesAmt,

address assetA,

uint256 assetAAmt,

address assetB,

uint256 assetBAmt

);

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXEmergency.sol#L28-L39

FILE : contracts/strategy/gmx/GMXRebalance.sol

18: event RebalanceSuccess(

uint256 svTokenValueBefore,

uint256 svTokenValueAfter

);

22: event RebalanceOpen(

bytes reason,

uint256 svTokenValueBefore,

uint256 svTokenValueAfter

);

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXRebalance.sol#L18-L26

FILE : contracts/strategy/gmx/GMXWithdraw.sol

26: event WithdrawCreated(address indexed user, uint256 shareAmt);

27: event WithdrawCompleted(

address indexed user,

address token,

uint256 tokenAmt

);

33: event WithdrawFailed(bytes reason);

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXWithdraw.sol#L26-L31

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXWithdraw.sol#L33

Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it’s not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.

Impact

Unindexed event fields make it harder to access off-chain tools that parse events.

Tools Used

Manual Review

Recommendations

It is recommended to include indexed fields for the events. This will help in optimizing the search and retrieval process of the events.

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

INFO: Event is missing indexed fields

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.