First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Events for Access Control in ScoreBoard.sol

heim

Summary

A potential issue has been identified in the ScoreBoard contract where the setThePredicter function does not emit an event when the thePredicter address is updated. Emitting events for critical parameter changes is important for tracking contract states off-chain and ensuring transparency.

Vulnerability Details

Missing Event Emission in ScoreBoard.setThePredicter

  • Location: ScoreBoard.setThePredicter (src/ScoreBoard.sol#47-49)

  • Description: The function setThePredicter updates the thePredicter address without emitting an event, making it difficult to track changes to this critical parameter off-chain.

  • Code Snippet:

function setThePredicter(address _thePredicter) external {
thePredicter = _thePredicter;
}

Impact

Without the emission of events for critical parameter changes, it becomes difficult to trace changes to the thePredicter address off-chain. This could lead to a lack of transparency and potential issues in auditing the contract's state changes.

Tools Used

Manual review

Recommendations

  • Emit Events for Critical Changes: Modify the setThePredicter function to emit an event whenever the thePredicter address is updated. This ensures traceability and transparency of critical parameter changes.
    Example:

event PredicterChanged(address indexed previousPredicter, address indexed newPredicter);
function setThePredicter(address _thePredicter) external {
address previousPredicter = thePredicter;
thePredicter = _thePredicter;
emit PredicterChanged(previousPredicter, _thePredicter);
}
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.