First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

the function does not emit an event when it changes the state of the contract, which could be a bad practice

imth3ak

Summary

The function setSigner changes the status of an address as a signer or not, but does not emit an event to notify the users and the watchers.

Vulnerability Details

This could make the contract less transparent and observable, and reduce the trust and confidence of the users and the developers.
The function should emit an event to record the state changes that it causes, and to make the contract more auditable and verifiable.

function setSigner(address account, bool enabled) external onlyOwner {
signers[account] = enabled;
}

Impact

The impact of this issue is that the function setSigner could make the contract less auditable and verifiable, as it does not provide any evidence of the state changes that it causes. This could make it harder for the users and the developers to track the history and the current state of the signers, and to detect any errors or malicious actions that might occur. Therefore, it is important to emit events in setter functions to make the contract more reliable and secure.

Tools Used

  • slither

Recommendations

You should emit events in setter functions to make the contract more transparent and observable.

// Define an event to log the signer status changes
event SignerSet(address indexed account, bool enabled);
function setSigner(address account, bool enabled) external onlyOwner {
signers[account] = enabled;
// Emit the event with the account and the status
emit SignerSet(account, enabled);
}
Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

missing events emission

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.