Critical State-Changing Functions Lack Event Emissions
Summary
Several critical functions that modify important state variables are not emitting events. This oversight reduces the transparency and auditability of the system, potentially impacting off-chain monitoring and user interfaces.
Vulnerability Details
The following functions have been identified as lacking event emissions:
In AuctionFactory contract:
AuctionFactory.setOwner
In FjordPoints contract:
FjordPoints.setOwner
FjordPoints.setStakingContract
FjordPoints.setPointsPerEpoch
These functions modify critical state variables such as the contract owner, staking contract address, and points allocation parameters. However, they do not emit events to log these important changes.
Impact
The lack of event emissions in these functions has several potential impacts:
-
Reduced Transparency: Off-chain systems and users cannot easily track important contract state changes, reducing overall system transparency.
-
Hindered Auditability: It becomes more difficult to audit the history of critical parameter changes, potentially complicating security reviews and incident investigations.
-
Monitoring Challenges: Automated monitoring systems that rely on event logs may fail to detect important contract state changes, potentially delaying responses to unauthorized changes.
While these issues do not directly compromise the contract's functionality, they significantly impact the system's observability and could indirectly lead to security risks if critical changes go unnoticed.
Tools Used
Manual
Recommendations
To address this issue, we recommend adding appropriate event emissions to each of the identified functions. Here are the suggested modifications:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.