The `CreateMerkleLL` and `CreateMerkleLT` events are not emitted when the contract is not created from `SablierV2MerkleLockupFactory`
Summary
The CreateMerkleLL and CreateMerkleLT events are not emitted when the contract is not created from SablierV2MerkleLockupFactory.
Vulnerability Details
The deployment of SablierV2MerkleLL and SablierV2MerkleLT contracts is not limited to the use of the SablierV2MerkleLockupFactory contract. This allows any creator to deploy Merkle contracts independently of the SablierV2MerkleLockupFactory contract.
Consequently, the CreateMerkleLL and CreateMerkleLT events are exclusively emitted when these contracts are deployed via the SablierV2MerkleLockupFactory contract, not when deployed by other Merkle contracts.
The protocol relies on these event emissions to record the creation of Merkle contracts. However, this setup leads to a scenario where Merkle contracts deployed without utilizing the SablierV2MerkleLockupFactory contract may not be registered by the Sablier Interface.
Impact
The protocol risks losing critical event data necessary for logging the creation of Merkle contracts on its interface. Consequently, certain Merkle contracts may not appear on the interface as intended.
Tools Used
Manual Review
Recommendations
Include CreateMerkleLL and CreateMerkleLT event emissions in the constructors of SablierV2MerkleLL and SablierV2MerkleLT contracts to ensure event emission even when the contracts are not created from SablierV2MerkleLockupFactory.
Lead Judging Commences
Info/Gas/Invalid as per Docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.