Submission Details
Severity:
Report on Emit Events in the MembershipFactory Contract
Summary
This report examines areas within the MembershipFactory smart contract where emit events are either missing or incorrectly implemented. Proper emit events provide transparency and traceability, enabling users and developers to monitor contract interactions more efficiently.
Vulnerability Details
| Function | Suggested Event | Issue | Recommendation | Event Description |
|---|
updateDAOMembership |
DAOMembershipUpdated |
Missing event when updating DAO settings, which limits visibility into configuration changes. | Add DAOMembershipUpdated event to capture details of DAO updates. |
Signals changes to DAO membership settings, including updated tiers and maximum membership. |
|---|
upgradeTier |
UserUpgradedTier |
Lacks clear event for tier upgrades, making it unclear whether a user joined or upgraded. | Add UserUpgradedTier event to explicitly capture tier upgrades with old and new tier information. |
Indicates a user’s tier upgrade within a DAO, specifying previous and new tiers. |
|---|
setCurrencyManager |
CurrencyManagerUpdated |
No event emitted when updating currencyManager, reducing transparency around key contract dependencies. |
Add CurrencyManagerUpdated event to log changes in currencyManager address. |
Notifies changes in the currencyManager address, providing visibility on dependency updates. |
|---|
setBaseURI |
BaseURIUpdated |
Missing event for base URI updates, hindering monitoring of changes to metadata location. | Add BaseURIUpdated event to track metadata location changes. |
Logs updates to the base URI for NFT metadata, aiding in tracking metadata source changes. |
|---|
updateMembershipImplementation |
MembershipImplementationUpdated |
No event emitted for changes in membershipImplementation, obscuring information on proxy deployments. |
Add MembershipImplementationUpdated event to capture updates to membershipImplementation. |
Logs changes to the membershipImplementation address, impacting all future proxy deployments. |
|---|
callExternalContract |
ExternalContractCalled |
External calls lack event logging, limiting traceability of interactions with other contracts. | Add ExternalContractCalled event to log target address and function data of external calls. |
Logs details of external contract calls, including the target address and data payload, enhancing visibility. |
|---|
Impact
Tools Used
Manual analysis
Recommendations
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.