Missing `Transfer` Event in Multiple Functions within `SablierFlow` Contract, Resulting in Incomplete Logging
Summary
Multiple functions in the SablierFlow contract are missing Transfer event emissions, despite references in the NatSpec documentation within the ISablierFlowBase interface. This omission may result in the loss of essential logging information.
Vulnerability Details
The NatSpec for the SablierFlow contract, as specified in the ISablierFlowBase interface, indicates that a Transfer event should be emitted at the end of certain functions. However, none of the functions in SablierFlow currently emit this event, nor is the Transfer event defined within the contract.
Impact
Without the Transfer event, there is a potential loss of expected logging information, which can lead to gaps in transaction history and audit trails. If the Transfer event is expected for transaction tracking or monitoring purposes, its absence could disrupt off-chain indexing, transaction audits, or user activity tracking for the functions involved.
Tools Used
Manual review.
Recommended Mitigation:
Define the Transfer event within the ISablierFlowBase interface and add emit statements for the event in the following functions to ensure complete transaction logging:
SablierFlow::createAndDepositSablierFlow::depositSablierFlow::depositAndPauseSablierFlow::depositViaBrokerSablierFlow::refundSablierFlow::refundAndPauseSablierFlow::restartAndDepositSablierFlow::withdrawSablierFlow::withdrawMax
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.