TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Event Emission in `TempleTeleporter:_lzReceive` Function

Summary

The TempleTeleporter:_lzReceive function is responsible for receiving cross-chain messages and minting tokens to a specified recipient. However, the function lacks event emission, which can reduce transparency, hinder auditability, and obscure transaction details.

Vulnerability Details

The _lzReceive function decodes the payload to retrieve the recipient address and the token amount, then mints tokens accordingly. However, it fails to emit an event that records this minting action. Event logs are critical for providing transparency and ensuring that all actions performed by the contract are traceable and verifiable.

See the following code:

```solidity
function _lzReceive(
    Origin calldata /*_origin*/,
    bytes32 /*_guid*/,
    bytes calldata _payload,
    address /*_executor,*/, // Executor address as specified by the OApp.
    bytes calldata /*_extraData */ // Any extra data or options to trigger on receipt.
) internal override {
    // Decode the payload to get the message
    (address _recipient, uint256 _amount) = abi.decode(_payload, (address, uint256));
    temple.mint(_recipient, _amount);
}
```

Impact

Without event logs, tracking the contract's actions becomes difficult, which can erode user and stakeholder trust. Devs rely on event logs to verify the correctness of transactions. The absence of these logs makes it challenging to audit the contract's behavior. Important details about token transfers, such as recipient addresses and amounts, are not recorded on the blockchain, making it hard to trace token flow.

Tools Used

Manual Review

Recommendations

To address this issue, it is recommended to emit an event every time the _lzReceive function mints tokens. This will ensure all critical actions are logged on the blockchain, enhancing transparency, auditability, and traceability.
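
One way the recommended event could look, as an added sketch that is not TempleDAO's code or part of the original submission. The event name `TempleReceived`, its fields, the `ITempleMint` interface and the contract name are assumptions; `Origin` is redeclared locally with the LayerZero V2 field layout and the OApp base is omitted so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-ins so this sketch compiles alone (assumptions, not project code):
// Origin mirrors the LayerZero V2 struct; ITempleMint is a minimal mint interface.
struct Origin {
    uint32 srcEid;   // source endpoint id
    bytes32 sender;  // sending OApp on the source chain
    uint64 nonce;    // per-path message nonce
}

interface ITempleMint {
    function mint(address to, uint256 amount) external;
}

abstract contract TeleporterReceiveSketch {
    ITempleMint public immutable temple;

    // Hypothetical event: the indexed topics let off-chain monitors filter
    // by source chain, message GUID and recipient.
    event TempleReceived(
        uint32 indexed srcEid,
        bytes32 indexed guid,
        address indexed recipient,
        uint256 amount
    );

    constructor(ITempleMint _temple) {
        temple = _temple;
    }

    // In the real contract this would override OApp._lzReceive; the base is omitted here.
    function _lzReceive(
        Origin calldata _origin,
        bytes32 _guid,
        bytes calldata _payload,
        address /*_executor*/,
        bytes calldata /*_extraData*/
    ) internal virtual {
        // Decode the payload to get the recipient and amount
        (address _recipient, uint256 _amount) = abi.decode(_payload, (address, uint256));
        temple.mint(_recipient, _amount);
        // Emitted after the mint, so a reverted mint leaves no log behind.
        emit TempleReceived(_origin.srcEid, _guid, _recipient, _amount);
    }
}
```

Including the source endpoint id and GUID in the event lets a monitor match each mint on the destination chain to the cross-chain message that caused it.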

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
