First Flight #3: Thunder Loan

First Flight #3

Beginner FriendlyFoundryDeFiOracle

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

updateFlashLoanFee() missing event

kiteweb3

Summary

ThunderLoan::updateFlashLoanFee() and ThunderLoanUpgraded::updateFlashLoanFee() does not emit an event, so it is difficult to track changes in the value s_flashLoanFee off-chain.

Vulnerability Details

function updateFlashLoanFee(uint256 newFee) external onlyOwner {

if (newFee > FEE_PRECISION) {

revert ThunderLoan__BadNewFee();

}

@> s_flashLoanFee = newFee;

}

Impact

In Ethereum, events are used to facilitate communication between smart contracts and their user interfaces or other off-chain services. When an event is emitted, it gets logged in the transaction receipt, and these logs can be monitored and reacted to by off-chain services or user interfaces.

Without a FeeUpdated event, any off-chain service or user interface that needs to know the current s_flashLoanFee would have to actively query the contract state to get the current value. This is less efficient than simply listening for the FeeUpdated event, and it can lead to delays in detecting changes to the s_flashLoanFee.

The impact of this could be significant because the s_flashLoanFee is used to calculate the cost of the flash loan. If the fee changes and an off-chain service or user is not aware of the change because they didn't query the contract state at the right time, they could end up paying a different fee than they expected.

Tools Used

Slither

Recommendations

Emit an event for critical parameter changes.

+ event FeeUpdated(uint256 indexed newFee);

function updateFlashLoanFee(uint256 newFee) external onlyOwner {

if (newFee > s_feePrecision) {

revert ThunderLoan__BadNewFee();

}

s_flashLoanFee = newFee;

+ emit FeeUpdated(s_flashLoanFee);

}

Updates

Lead Judging Commences

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

missing event emission updateFlashLoanFee

Rewards breakdown

nSLOC

387

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.