Submission Details
Severity:
event is missing in `priorityPool::OnTokenTransfer`
Summary
according to https://github.com/ethereum/EIPs/issues/677 "the token contract calls the receiving contract's function onTokenTransfer(address,uint256,bytes) and triggers an event, following the convention set in ERC223."
function onTokenTransfer(address _sender, uint256 _value, bytes calldata _calldata) external {
if (_value == 0) revert InvalidValue();
(bool shouldQueue, bytes[] memory data) = abi.decode(_calldata, (bool, bytes[]));
if (msg.sender == address(token)) {
_deposit(_sender, _value, shouldQueue, data);
} else if (msg.sender == address(stakingPool)) {
uint256 amountQueued = _withdraw(_sender, _value, shouldQueue);
token.safeTransfer(_sender, _value - amountQueued);
} else {
revert UnauthorizedToken();
}
}
like OperatorStakingPool::onTokenTransfer which has the deposit event , also needed for priorityPool::OnTokenTransfer
Impact
-
Without events, the function will still perform its task (like transferring tokens or adjusting balances), but transparency and monitoring will be significantly reduced.
-
For systems that rely on clear tracking and user notifications, omitting events can lead to poor user experience or difficulty in debugging.
Recommendations
add Deposit/Withdraw event
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020 USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.