Lack of Event Emissions for Critical Operations in KittyPool.sol::depawsitMeowllateral
Relevant GitHub Links
https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L83-85
Summary
The contract does not emit events for significant state changes, such as collateral deposits, withdrawals, and liquidations. This absence makes it difficult to monitor on-chain activities and detect any anomalies in real-time.
Vulnerability Details
The lack of event emissions for key functions in the contract means that changes to the system’s state, such as user deposits, withdrawals, or liquidations, are not logged on the blockchain. This omission makes it challenging for external monitors, auditors, or users to track activities and respond quickly to unexpected behavior.
Impact
Reduced transparency and monitoring capability, making it harder to audit transactions, trace issues, or provide accountability in case of disputes or security incidents.
Tools Used
Manual
Recommendations
Emit Events: Add event emissions for all critical operations, such as deposits, withdrawals, and liquidations.
Improve Monitoring: Encourage the development of off-chain monitoring tools that listen for these events and provide alerts for any unusual activity.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.