The Standard

Summary

The LiquidationPoolManager, and LiquidationPool contracts lack crucial event emissions for significant functions like runLiquidation, claimRewards, increasePosition, distributeAssets and decreasePosition.

This omission delay key stakeholders' ability to monitor and respond to vital contract activities.

As most event can be consider as a LOW issue, distributeAssets is a MEDIUM as the Stakers can end up having EUROs burned for an asset and not being aware that the asset was distributed, then won't be able to sell it on time if the price of the asset drop faster than the collateral rate used.

Vulnerability Details

Event emissions play a critical role in Ethereum smart contracts, especially for functions with substantial implications for users.
The absence of these events in the following functions poses a medium severity risk:

1 - LiquidationPool Contract

distributeAssets: Absence of an event when stakers is assigned a rewards. // Medium

claimRewards: Absence of an event when stakers claim their rewards. // Medium

increasePosition/decreasePosition: No events for changes in a user's stake in the pool.

2 - LiquidationPoolManager Contract

distributeFees: Does not emit an event when fees are distributed.

Impact

The unavailability of events for these functions can lead to medium severity impacts because:

1 - Stakers are Unaware of Asset Acquisition: They receive assets in place of their burned EUROs but are not informed of this change via an on-chain event.

2 - Inability to React to Market Changes: Without immediate knowledge of the asset acquisition, stakers cannot swiftly respond to market conditions. If the acquired assets' value decreases rapidly post-liquidation, stakers may incur losses, potentially more significant than any discounts received during the liquidation.

Tools Used

Manual Review

Recommended Mitigation

To address this medium severity issue, it is recommended to introduce event emissions for all the critical functions mentioned.

1 - LiquidationPool Contract:

claimRewards: Emit an event with the staker's address and reward details.

increasePosition/decreasePosition: Emit events detailing the staker's address, amount involved, and updated position.

distributeAssets: Log critical actions such as the burning of EUROs and the corresponding acquisition of other assets. The event should include details like the amount of EUROs burned, the type and amount of assets received, and the affected staker's address

By implementing these events, the protocol can significantly improve its transparency and responsiveness, especially during critical operations like liquidations and reward distributions. This enhancement will allow stakeholders to act swiftly in response to changing circumstances, protecting their financial interests.

2 - LiquidationPoolManager Contract

runLiquidation: Emit an event with vault identifier and liquidation specifics. (currently only the vault address is emitted)

distributeFees: Emit an event detailing the distributed fee amounts.