Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: low
Invalid

Lack of Event Emission

Summary

The Dussehra contract does not emit events for critical state changes, such as when Ravana is killed and when rewards are withdrawn. This lack of event emission reduces transparency and makes it difficult to track and audit important contract activities, potentially leading to disputes or confusion among participants.

Vulnerability Details

Without emitting events, it becomes challenging to monitor and verify contract interactions, which is essential for maintaining trust and accountability.

In the Dussehra contract, several critical actions do not trigger events:

  • Killing Ravana (killRavana function): When Ravana is killed, and the organiser receives a portion of the collected funds.

  • Withdrawing rewards (withdraw function): When the selected Ram withdraws their rewards.

Impact

  • Transparency : Participants and external observers cannot easily verify the occurrence of significant contract actions.

  • Auditing : It becomes difficult to track and audit the contract’s state changes, which is essential for resolving disputes and ensuring the contract behaves as expected.

  • User Trust : Lack of transparency can reduce trust among users, as they rely on off-chain systems to provide accurate information about contract interactions.

Tools Used

Manual Review

Recommendations

Define the events:

event RavanaKilled(uint256 totalAmountGivenToRam);
event AmountWithdrawn(address ram, uint256 amount);
function killRavana() public RamIsSelected {
...
emit RavanaKilled(totalAmountGivenToRam);
}
function withdraw() public RamIsSelected OnlyRam RavanKilled {
...
emit AmountWithdrawn(msg.sender, amount);
}
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Info/Gas/Invalid according to docs

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.