GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing event emission in donate function, leading to missing logs to key activities

sstoqnov_

Summary

The donate function in the GivingThanks contract lacks event emission to log key activities, such as successful donations, which could lead to inadequate transaction transparency and hinder audit capabilities.

Vulnerability Details

In the donate function, key actions include:

  1. ETH Transfer: The contract sends Ether to a charity address.

  2. NFT Minting: The donor receives an NFT representing a receipt for the donation.

Despite these significant actions, the function lacks any event emission to log these details, which impedes real-time tracking and reduces transparency.

Impact

The lack of event emissions in the donate function makes it difficult to track and verify donations on the blockchain, reducing transparency for users and auditors. This issue can undermine trust in the contract, as external systems and users cannot efficiently monitor or confirm successful transactions.

Tools Used

  • Manual Review

Recommendations

Add Event Declaration: Declare a new event, such as DonationMade, to capture key details:

event DonationMade(address indexed donor, address indexed charity, uint256 amount, uint256 tokenId);

Emit Event in donate Function: Emit this event in the donate function to record each successful donation:

emit DonationMade(msg.sender, charity, msg.value, tokenCounter);
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.