Flow

Summary:

The absence of indexed fields in event definitions poses a significant risk by limiting the efficiency of data retrieval for off-chain applications. When critical fields in events are not indexed, querying event logs becomes slower, as non-indexed fields require scanning through all emitted events.

This inefficiency can lead to delays in accessing important data, which is especially problematic for decentralized applications (dApps) that depend on timely information for functionality, such as real-time transaction tracking, analytics, or user interfaces.

Vulnerability Details:

Several events have been identified within the contracts that do not utilize indexed fields effectively. Indexing fields in events is critical for improving the efficiency of data retrieval by off-chain applications. When fields are indexed, they can be quickly accessed and filtered, allowing for better performance in applications that rely on blockchain event data.

Instances:

The following events have been identified as lacking sufficient indexed fields:

1. ISablierFlow.sol:

   • Line 26: AdjustFlowStream event has no indexed fields.

   • Line 51: DepositFlowStream event has only two indexed fields.

   • Line 66: RefundFromFlowStream event has only two indexed fields.

   • Line 73: RestartFlowStream event has only two indexed fields.

2. ISablierFlowBase.sol:

   • Line 28: CollectProtocolRevenue event could benefit from additional indexing.

   • Line 35: Recover event could also utilize more indexed fields.

   • Line 41: SetNFTDescriptor event has no indexed fields.

   • Line 50: SetProtocolFee event could index additional fields.

Impact:

Increased Latency: Non-indexed fields require full scans of the event logs for retrieval, resulting in slower response times when querying for specific events. This can hinder the performance of dApps that need to access real-time data quickly.

Reduced Efficiency: Without indexed fields, off-chain applications cannot efficiently filter and process event data. This inefficiency can lead to higher computational costs and delays in data processing, particularly in applications that depend on rapid updates and user interactions.

Increased Gas Costs: While indexing adds overhead during event emission, the long-term benefits of faster queries can outweigh the costs. However, without proper indexing, applications may incur higher costs related to processing time and resource usage during event retrieval.

Tools Used: Slither and Aderyn.

Recommendations:

Add Indexed Fields:

• Review each event definition and identify key parameters that should be indexed.

• For events with three or more fields, ensure that three fields are indexed if relevant. For events with fewer than three fields, consider indexing all parameters to maximize searchability.