Fjord Token Staking

Fjord

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing events on important state changes

PerseusLabs

Summary

The codebase lacks the emission of critical events during important state changes across multiple contracts. Events in smart contracts are essential for tracking state changes, auditing, and providing transparency to users and developers. The absence of these events can lead to difficulties in monitoring and troubleshooting the contract's behavior, and it can obscure important state transitions from off-chain systems.

Vulnerability Details

Events are a fundamental part of smart contract design, serving as a log of important actions and state changes within the contract. They are crucial for off-chain systems that track contract activity and for users who rely on this information to understand what is happening on-chain.

However, in the following sections of the codebase, important state changes occur without the corresponding emission of events:

FjordAuctionFactory.sol:
- Line 41: Setting a new owner.
FjordPoints.sol:
- Line 163: Setting a new owner.
- Line 172: Setting a new staking contract address.
- Line 184: Setting number of points distributed per epoch.
FjordStaking.sol:
- Line 347: Setting a new owner.
- Line 352: Setting a rewardAdmin.
- Line 357: Adding authorized Sablier sender.
- Line 361: Removing authorized Sablier sender.

Without event emissions at these points, it becomes challenging to track contract interactions, diagnose issues, and audit contract behavior. This could result in a lack of transparency for users and developers, and hinder the effectiveness of off-chain monitoring systems.

Impact

The absence of event emissions on critical state changes can lead to several issues:

Reduced Transparency: Users and external systems depend on events to understand the state changes within a contract. Without these events, it’s difficult to track or audit the contract's actions, reducing overall transparency.
Incompatibility with Off-chain Systems: Many off-chain systems, including analytics platforms, rely on events to trigger specific actions or to maintain a consistent state with on-chain data. The lack of event emissions could lead to desynchronization between on-chain and off-chain systems, potentially causing errors or unintended behavior.
Potential for Disputes: In the absence of clear logs provided by events, disputes over transactions or state changes could arise.

Tools Used

Manual code review.

Recommendations

To mitigate this issue, it is recommended to introduce events for all critical state-changing actions within the contracts.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

662

30 USDC / LOC

High Medium

16,000 USDC

Low

2,500 USDC

Judges

1,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.