Submission Details
Severity:
Missing event in `L1BossBridge:sendToL1` when a withdrawal succeeds
Summary
Missing event in L1BossBridge:sendToL1 when a withdrawal succeeds
Vulnerability Details
L1BossBridge:sendToL1 does not emit an event when the transaction succeeds, where the user finally receives the ERC20 tokens. Events are important for the off chain tracking of smart contract data
Impact
Low. Does not involve any loss of funds, but every important state change should be followed by an event emission.
Tools Used
Manual Review
Recommendations
Consider emitting an event in the L1BossBridge::sendToL1 function:
function sendToL1(uint8 v, bytes32 r, bytes32 s, bytes memory message) public nonReentrant whenNotPaused {
address signer = ECDSA.recover(MessageHashUtils.toEthSignedMessageHash(keccak256(message)), v, r, s);
if (!signers[signer]) {
revert L1BossBridge__Unauthorized();
}
(address target, uint256 value, bytes memory data) = abi.decode(message, (address, uint256, bytes));
(bool success,) = target.call{ value: value }(data);
if (!success) {
revert L1BossBridge__CallFailed();
}
+ emit Withdraw(user, signer, amount);
}
Updates
Lead Judging Commences
0xnevi almost 2 years ago
Submission Judgement Published Assigned finding tags:
missing events emission
Rewards breakdown
nSLOC
99This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.