MyCut

First Flight #23

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Lack of events which reduces transparency and difficulty in monitoring

dharmin

Description

The ContestManager contract lacks event emissions for critical actions such as creating, funding, and closing contests. Events are crucial in Solidity contracts for logging important actions, as they provide an immutable record on the blockchain that can be indexed and queried by off-chain applications. Without these events, tracking the state and history of the contract becomes difficult, which can hinder monitoring, debugging, and auditing efforts.

Impact

Visibility: Without events, external parties (such as users or monitoring systems) cannot easily track when contests are created, funded, or closed. This lack of visibility can lead to difficulties in verifying the correct operation of the contract.
Debugging: Developers and auditors will find it more challenging to diagnose issues or verify contract behavior without event logs. In the event of a bug or issue, the absence of events makes it harder to trace the sequence of actions leading up to the problem.
Transparency: Participants in the contests might not have a clear understanding of the state of the contract, which could lead to mistrust or uncertainty.

Proof of Concepts

The following functions in the ContestManager contract are identified as lacking event emissions:

createContest
fundContest
closeContest

For example, in the createContest function:

function createContest(address[] memory players, uint256[] memory rewards, IERC20 token, uint256 totalRewards)

public

onlyOwner

returns (address)

{

Pot pot = new Pot(players, rewards, token, totalRewards);

contests.push(address(pot));

contestToTotalRewards[address(pot)] = totalRewards;

// No event emitted to signal that a new contest has been created.

return address(pot);

}

Recommended Mitigation: Add event declarations and emit statements in the contract to log significant actions.

event ContestCreated(address indexed contestAddress, uint256 totalRewards);

event ContestFunded(address indexed contestAddress, uint256 amount);

event ContestClosed(address indexed contestAddress);

Updates

Lead Judging Commences

equious Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Missing Events

Rewards breakdown

nSLOC

106

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.