Lack of Event Emission
Summary
The Dussehra contract does not emit events for critical state changes, such as when Ravana is killed and when rewards are withdrawn. This lack of event emission reduces transparency and makes it difficult to track and audit important contract activities, potentially leading to disputes or confusion among participants.
Vulnerability Details
Without emitting events, it becomes challenging to monitor and verify contract interactions, which is essential for maintaining trust and accountability.
In the Dussehra contract, several critical actions do not trigger events:
Killing Ravana (killRavana function): When Ravana is killed, and the organiser receives a portion of the collected funds.
Withdrawing rewards (withdraw function): When the selected Ram withdraws their rewards.
Impact
Transparency : Participants and external observers cannot easily verify the occurrence of significant contract actions.
Auditing : It becomes difficult to track and audit the contract’s state changes, which is essential for resolving disputes and ensuring the contract behaves as expected.
User Trust : Lack of transparency can reduce trust among users, as they rely on off-chain systems to provide accurate information about contract interactions.
Tools Used
Manual Review
Recommendations
Define the events:
Lead Judging Commences
Info/Gas/Invalid according to docs
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.