Insufficient Event Emission for Critical Actions
Description: The contract lacks event emissions for some critical actions, such as when a treat's cost is updated or when a trick is resolved. This omission makes it difficult to track important state changes on the blockchain.
-
Found in src/TrickOrTreat.sol Line: 45
treatList[_treatName].cost = _cost;
Impact:
Without events, users and developers cannot easily monitor or verify critical actions, reducing transparency and auditability.
It becomes harder to debug and trace the contract's behavior without a comprehensive event log.
Proof of Concept:
Scenario: A user updates a treat's cost using setTreatCost, but no event is emitted to log this change.
Exploit: While not a direct exploit, the lack of events can lead to disputes or misunderstandings about the contract's state.
Recommended Mitigation:
Emit events for all critical state changes, such as in
setTreatCostandresolveTrick.Ensure events contain sufficient information to reconstruct the state change.
Implement a consistent strategy for logging all significant actions and state changes.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.