stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: low
Invalid

Missing Event Emissions in SDLPool and SDLPoolCCIPController Admin Setter Functions

Summary

The SDLPool contract's setBaseURI, setBoostController, and setCCIPController functions, along with the setMaxLINKFee and setRESDLTokenBridge functions in the SDLPoolCCIPController contract, lack event emissions. Events play a crucial role in notifying users about critical configuration changes, providing transparency and awareness.

Vulnerability Details

  1. SDLPool - setBaseURI, setBoostController, setCCIPController:

    • Issue: These functions do not emit events.

    • Recommendation: Emit events (for example BaseURIChanged, BoostControllerChanged, CCIPControllerChanged) to inform users about relevant changes.

  2. SDLPoolCCIPController - setMaxLINKFee, setRESDLTokenBridge:

    • Issue: These functions do not emit events.

    • Recommendation: Emit events (for example MaxLINKFeeChanged, RESDLTokenBridgeChanged) to notify users about the modified configurations.

Impact

The absence of event emissions on critical configuration changes may leave users confused and unaware of modifications. By implementing events, users can stay informed about updates, contributing to a more transparent and user-friendly protocol.

Tools Used

Manual review

Recommendations

  1. Implement event emissions for the SDLPool functions (setBaseURI, setBoostController, setCCIPController) to enhance user awareness and transparency.

  2. Implement event emissions for the SDLPoolCCIPController functions (setMaxLINKFee, setRESDLTokenBridge) to keep users informed about changes to critical configurations.
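A sketch of the recommended pattern for the two SDLPoolCCIPController setters, added here as an illustration and not taken from the stake.link code base. The event names come from the report; the contract name, state variable names, parameter types and the minimal owner check are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Illustrative sketch only: not the stake.link contracts. State variable names,
// parameter types and the owner check are assumptions made for this example.
contract ControllerConfigSketch {
    address public immutable owner;
    uint256 public maxLINKFee;
    address public reSDLTokenBridge;

    // Carrying both the previous and the new value lets an off-chain monitor
    // reconstruct the full change history from logs alone.
    event MaxLINKFeeChanged(uint256 previousFee, uint256 newFee);
    // Indexed addresses allow log filters on a specific bridge address.
    event RESDLTokenBridgeChanged(address indexed previousBridge, address indexed newBridge);

    error OnlyOwner();

    modifier onlyOwner() {
        if (msg.sender != owner) revert OnlyOwner();
        _;
    }

    constructor(uint256 _maxLINKFee, address _reSDLTokenBridge) {
        owner = msg.sender;
        maxLINKFee = _maxLINKFee;
        reSDLTokenBridge = _reSDLTokenBridge;
    }

    // A setter that only assigns the new value leaves no log entry; emitting
    // before the assignment records the old value without a temporary variable.
    function setMaxLINKFee(uint256 _maxLINKFee) external onlyOwner {
        emit MaxLINKFeeChanged(maxLINKFee, _maxLINKFee);
        maxLINKFee = _maxLINKFee;
    }

    function setRESDLTokenBridge(address _reSDLTokenBridge) external onlyOwner {
        emit RESDLTokenBridgeChanged(reSDLTokenBridge, _reSDLTokenBridge);
        reSDLTokenBridge = _reSDLTokenBridge;
    }
}
```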

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
0xtheblackpanther Submitter
over 1 year ago
