Missing Event Emissions in SDLPool and SDLPoolCCIPController Admin Setter Functions
Summary
The SDLPool contract's setBaseURI, setBoostController, and setCCIPController functions, along with the setMaxLINKFee and setRESDLTokenBridge functions in the SDLPoolCCIPController contract, lack event emissions. Events play a crucial role in notifying users about critical configuration changes, providing transparency and awareness.
Vulnerability Details
-
SDLPool - setBaseURI, setBoostController, setCCIPController:
Issue: These functions do not emit events.
Recommendation: Emit events like this (
BaseURIChanged,BoostControllerChanged,CCIPControllerChanged) to inform users about relevant changes.
-
SDLPoolCCIPController - setMaxLINKFee, setRESDLTokenBridge:
Issue: These functions do not emit events.
Recommendation: Emit events like this (
MaxLINKFeeChanged,RESDLTokenBridgeChanged) to notify users about the modified configurations.
Impact
The absence of event emissions on critical configuration changes may lead to user confusion and unawareness of modifications. By implementing events, users can stay informed about updates, contributing to a more transparent and user-friendly protocol.
Tools Used
Manual review
Recommendations
-
Implement event emissions for the SDLPool functions (
setBaseURI,setBoostController,setCCIPController) to enhance user awareness and transparency. -
Implement event emissions for the SDLPoolCCIPController functions (
setMaxLINKFee,setRESDLTokenBridge) to keep users informed about changes to critical configurations.
Lead Judging Commences
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.