Tadle

Summary

The updateMarketPlaceStatus function updates the status of a marketplace but fails to emit an event to log this change. This omission can obscure status updates and make it challenging to track changes, affecting the transparency and auditability of the contract.

Vulnerability Details

The updateMarketPlaceStatus function allows the contract owner to update the status of a marketplace by specifying its name and the new status. The relevant code snippet is:

This function successfully updates the status field of the MarketPlaceInfo struct associated with the provided marketplace address. However, it does not emit an event to notify interested parties of this change. Events are crucial in smart contracts for providing an auditable trail of significant actions and updates.

Affected LoC:

• https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/SystemConfig.sol#L160-L171

Impact

The lack of event emission means that updates to the marketplace status will not be logged on the blockchain, making it difficult for users and other stakeholders to track when and why the status was changed. This can lead to a lack of transparency and accountability, as changes to critical contract parameters are not publicly recorded. This could result in potential disputes or confusion about the current status of the marketplace, impacting user trust and the overall integrity of the contract.

Tools Used

Manual

Recommendations

To address this issue, it is essential to emit an event whenever the updateMarketPlaceStatus function is called. This will provide transparency and allow users to track changes to the marketplace status. The updated function should include an event definition and emission as follows: