Submission Details
Severity:
`StakingPool::addStrategy` and `StakingPool::removeStrategy` make important state changes, but do not emit events
Summary
In the StakingPool contract we have two functions, one for adding and one for removing strategies. These two functions make importants state changes, however they do not emit an event for it.
Vulnerability Details
The addStrategy and removeStrategy functions in the StakingPool contract modify the set of strategies used by the pool, but they don't emit events to log these changes:
Impact
It is generally a good practice to emit events on important stage changes to better track the state of the system.
Tools Used
Manual Review
Recommendations
Add events to both functions:
event StrategyAdded(address indexed strategy);
event StrategyRemoved(address indexed strategy, uint256 index);
function addStrategy(address _strategy) external onlyOwner {
// logic ...
emit StrategyAdded(_strategy);
}
function removeStrategy(uint256 _index, bytes memory _strategyUpdateData, bytes calldata _strategyWithdrawalData) external onlyOwner {
// logic ...
emit StrategyRemoved(strategies[_index], _index);
}
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020 USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.