Project

One World
NFTDeFi
15,000 USDC
View results
Submission Details
Severity: low
Invalid

Missing Event Emission for Profit Redirection in sendProfit Function

Summary

The sendProfit function in MembershipERC1155.sol lacks event emission when profits are redirected to the creator, reducing transparency.

Vulnerability Details

In the sendProfit function, when the total supply is zero, profits are redirected to the creator:

function sendProfit(uint256 amount) external {
uint256 _totalSupply = totalSupply;
if (_totalSupply > 0) {
totalProfit += (amount * ACCURACY) / _totalSupply;
IERC20(currency).safeTransferFrom(msg.sender, address(this), amount);
emit Profit(amount);
} else {
IERC20(currency).safeTransferFrom(msg.sender, creator, amount); // Redirect profit to creator if no supply
// @audit Missing event emission here
}
}

It lacks event when redirecting profit to the creator.

Impact

  1. Reduced transparency

  2. Difficulty to track changes

  3. Inefficient or impossible integration with other contracts and services

Tools Used

Manual code review

Recommendations

Add events when redirecting profit to the creator..

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
0xbrivan2 Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.