Inconsistent Parameter Naming in Event Emission for addTreat function
Summary
The addTreat function allows the contract owner to add a new treat with a name, rate, and metadata URI. However, there is a naming mismatch between the emit statement and the TreatAdded event definition. The emit statement uses _rate, but the event defines a cost parameter instead. This inconsistency can cause confusion for developers, auditors, or tools that rely on event logs for tracking treat data.
Vulnerability Details
The event TreatAdded defines a cost parameter, but the emit statement in addTreat emits _rate as the second argument. This inconsistency between the names can lead to confusion for developers and users who expect the cost to match what is being emitted as the rate.
Problem:
-
Mismatch Between Event and Emission: The event defines
cost, but the function emits_rate. This inconsistency could cause misunderstandings when external users or tools read and track events.Line Highlight:
event TreatAdded(string name, uint256 cost, string metadataURI); // Defined with 'cost'
Impact
The naming inconsistency between rate and cost could lead to confusion or errors for developers who rely on event logs for tracking treat-related data.
Data Inconsistency: Misinterpreting rate as cost can lead to incorrect assumptions or data interpretation regarding the value of the treats.
Tools Used
Manual Review
Recommendations
Ensure Consistent Naming: To resolve this issue, align the parameter names between the emit statement and the event declaration. Use rate consistently.
Corrected Code:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.