Vital functions lacking specific event emission
Summary
Vital state changing function
Vulnerability Details
For a vital function like processDepositFailureLiquidityWithdrawal() which changes state and also transfers funds, not emitting a specific/ customized event of its own is not safe practice.
It is arguable that calls within this function eg: repay() emit events and hence sufficient for entire function. However this assumption is bad practice as other functions also call the repay() hence no differentiation from when processDepositFailureLiquidityWithdrawal() is called.
A custom event should be implemented for this function. see good practice below:
In file contracts::strategy::gmx::GMXDeposit.sol:
function deposit() emits emit DepositCreated(...) as an event specific / customized to deposit() which is a state changing an funds moving function. It does not rely on emissions within the deposit() eg safetransfer(...) which can as well be triggered by other function calls.
Following the above example, a customized event is necessary for processDepositFailureLiquidityWithdrawal() see recommendation below.
Same applies to afterWithdrawalExecution() in same file
Impact
Tools Used
Manual review
Recommendations
Lead Judging Commences
Insufficient event emission
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.