Dria

Github

• https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/BuyerAgent.sol#L200

• https://github.com/Cyfrin/2024-10-swan-dria/blob/c8686b199daadcef3161980022e12b66a5304f8e/contracts/swan/BuyerAgent.sol#L222

Description

In the BuyerAgent contract, two critical functions updateState and purchase lack event emissions to log significant state changes and actions. The updateState function is responsible for updating the internal state of the BuyerAgent based on oracle data, while purchase executes asset purchases during the Buy phase. Both functions perform essential updates to the contract’s data and state, yet the absence of event emissions introduces operational, monitoring, and transparency issues.

The updateState function is called to retrieve and update the internal state of the BuyerAgent based on oracle results. This function is typically executed in the Withdraw phase and is expected to update the state variable with data fetched from the oracle. However, the function does not emit an event upon a successful update, which would serve as a log of each state change.

Potentially useful event parameters could include:

• The taskId used to retrieve oracle data.

• The round or phase during which the update occurred.

• The state value before and after the update.

The purchase function performs asset purchases from the Swan contract. During the Buy phase, this function makes multiple purchases based on assets returned by an oracle request, transferring assets to the BuyerAgent and updating internal data, such as spendings and inventory.

However, like updateState, the purchase function lacks an event emission. Without an event, critical information regarding each purchase is not readily available to external systems, which creates challenges in tracking:

• The assets that were successfully purchased.

• The round and phase during which purchases were made.

• The spendings incurred for each round.

Impact

Without events, it becomes challenging for users, operators, and other stakeholders to track changes to the internal state of BuyerAgent. Events allow operators to identify, monitor, and verify critical updates in real time, reducing uncertainty in contract operations. Events help identify the source of errors and understand function behavior when issues arise. Lack of emissions makes it more difficult to trace the sequence of operations and pinpoint specific causes, which can lead to prolonged debugging times and an increased risk of untraceable issues in production.

Tools Used

Manual Review

Recommendations

For updateState define an event StateUpdated with relevant parameters and emit it upon a successful state update. Ensure the event includes critical data such as the taskId, round, old and new state values, enhancing visibility into each state change.

For purchase define an event AssetPurchased to log details of each asset purchase. Emit this event for each asset transaction, recording the round, asset address, and price, so all purchases can be traced effectively.