The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Critical state changes, such as updates to `minted` and `liquidated`, should ideally be emitted as events to monitor and react to significant changes in the contract's state

0xVinylDavyl

Summary

The SmartVaultV3 contract lacks proper event emission for critical state changes, specifically for updates to minted and liquidated values. Emitting events for these critical state changes is essential for transparency and external monitoring of the contract's activities.

Vulnerability Details

Certain crucial state changes, such as modifications to the minted and liquidated variables, do not trigger corresponding events in the SmartVaultV3 contract. Events provide an important mechanism for external systems and users to monitor and react to significant changes in the contract's state.

function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {

uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();

require(fullyCollateralised(_amount + fee), UNDER_COLL);

minted = minted + _amount + fee;

EUROs.mint(_to, _amount);

EUROs.mint(ISmartVaultManagerV3(manager).protocol(), fee);

emit EUROsMinted(_to, _amount, fee);

}

Impact

Lack of Visibility:
External entities, as front-end interfaces or monitoring tools, may lack visibility into crucial changes in the contract's state, leading to a potential lack of transparency.

Tools Used

Manual Review

Recommendations

Emit Events for Critical State Changes:

Implement event emission in functions where critical state changes occur, providing external systems with the necessary information to monitor the contract's state.

// Example of Emitting Event for Minted Update

event MintedUpdated(uint256 newMintedValue);

function updateMinted(uint256 newMintedValue) internal {

minted = newMintedValue;

emit MintedUpdated(newMintedValue);

}

// Function where minted is updated

function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {

uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();

require(fullyCollateralised(_amount + fee), UNDER_COLL);

updateMinted(minted + _amount + fee);

// Rest of the function logic

}

Similar event emission logic for other critical state changes, such as updates to liquidated or any other vital variables. The SmartVaultV3 contract can enhance transparency by emitting events for critical state changes, allowing external entities to monitor and react to these changes effectively.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

informational/invalid

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.